CMIS Notes

Reminder: Review cases as there might be a few answers on it on the test

Chapter 1

1.1

Information technology: refers to any computer-based tool that is used to work with information and to
support an organization information-processing need.

Information system: collects, processes, stores, analyzes and disseminates information for a specific
purpose.

1.1 Why Should I Study Information Systems?

Reasons to learn Information systems/information technology

1. The Informed User- You

-benefits of becoming an informed user: a person knowledgeable about ISs and IT
 You benefit more when you understand what is “behind” IT applications
 You can provide valuable input to an organization IT applications
 You can recommend and help select IT applications
 You will be aware of new technology and rapid developments in existing technologies
 You understand how IT improves performance as well as productivity
 Understanding IT is beneficial to entrepreneurs

2. Digital Transformation (why I should study IS 4.2)

 Organizations that you work with will be continually undertaking digital transformation:
 Digital transformation: a business strategy that leverages IT to dramatically improve
employee, customer, and business partner relationships
 New technologies that enable digital transformation include: big data, social computing,
cloud computing, artificial intelligence, and more

3. Manage the IS Function in an organization (why I should study IS 4.3)

4. IT Offers Career Opportunities (why I should study IS 4.5)

IT is vital to modern businesses, providing many career opportunities that include:

a. Programmers, business analysts, systems analysts, and designers

b. Chief information officer (CIO)—executive in charge of the IS function

Career opportunities will remain strong in the future

5. Managing Information Resources (Why should I study IS? 5.5)

 Managing information resources is difficult and complex because:

a. ISs have an enormous strategic value to organizations (some firms can’t function
without an IS system)

b. ISs are very expensive to acquire, operate, and maintain

c. Evolution of the MIS function within the organization

 In the past: end-users did not interact with mainframe.

 In the modern: partnership between MIS department and end-users as computer
usage increases in the workplace.

• Main function of MIS department is to use IT to solve end-user

business problems.

Factors Affecting Responsibility For Managing Information Resources

• MIS personnel vs. end users

• Changing role of the IS department

o Traditional functions of the MIS department

o New (consultative) functions of the MIS department facilitate informed user

involvement.

Traditional Function of the MIS Department

• Managing systems development and systems project management

• Managing computer operations

• Staffing, training, and developing IS skills

• Providing technical services

• Infrastructure planning, development, and control

New (Consultative) Functions of the MIS Department (1 of 2)

Consultative MIS Department Role Informed End User Role

Initiating and designing specific strategic Your information needs will mandate the
information systems development of new strategic information
systems

Incorporating the Internet and e- Responsible for effective use of the

 commerce into the business Internet and e-commerce

Managing system integration of the Describe business needs and the type of
Internet, intranets, and extranets integration that is required to MIS
department

Educating non-MIS managers about IT Advise the MIS department about your
employees’ training needs on IT

Educating the MIS staff about the business Communicate business needs,
requirements and goals to MIS

Consultative MIS Department Role Informed End User Role

Partnering with business unit executives Responsible for defining and clarifying your
roles in alignment with the MIS department
roles and organizational strategy

Managing outsourcing Identify outsourcing requirements for your

functional area with the assistance of MIS
department advice

Proactively using business and technical Partner with the MIS department to target
knowledge to see innovative ideas about high-priority business needs and use
using IT innovative solutions

Create business alliances with business Identify supply chain or other inter-
partners organizational business requirements

1.2 Overview of Computer-Based Information System

• Data, information, knowledge

Data items: a description of things, events, activities and transactions that are recorded, classified, and
stored but are not organized to convey any specific meaning. Data can be numbers, letters, figures,
sounds and images (eg. 3.11, 2.96) and characters (eg, B, A, C)

Information: refers to data that have been organized so they have meaning and value to the recipient
Knowledge: consists of data and or information that have been organized and processed to convey
understanding, experience, accumulated learning, and expertise to apply to a current business problem

Types of computer-based information systems

a. Computer-based information system is an information system that uses computer technology to

perform some of all its intended tasks.

Basic components of computer-based information systems

Information technology components

Six basic components:

• Four information technology (IT) components: hardware, software, database, network – from
the information technology platform

• Components are used to develop information systems, oversee security, and risk, and
manage data (activities known as information technology services)

• It components + it services compose the information technology infrastructure

• Two non-IT components: procedures, people

Information systems perform various tasks via a spectrum of applications.

Application: a computer program designed to support a specific task or business process

Functional area information system: a collection of application programs in a single department

1. Hardware: consists of devices such as processor, monitor, keyboard, and printer. These devices
collectively accept, process and display data and information.
2. Software: a program or collection of programs that enables the hardware to process data
3. Database: a collection of related files or tables containing data
4. Network: a connecting system (wireline or wireless) that enables multiple computers to share
resources
5. Procedures: the instructions for combining these components to process information and
generate the desired output

Major Capabilities of Information System

• Perform high-speed, high-volume numerical computations.

• Provide fast, accurate communication and collaboration within and among organizations.
 • Store huge amounts of information in an easy-to-access yet small space

• Allow quick and inexpensive access to vast amounts of information worldwide

• Interpret vast amounts of data quickly and efficiently

• Automate both semiautomatic business processes and manual tasks

Types of Computer-Based Information Systems

• Breadth of support of ISs
• Support for organizational employees

Breadth of support of information systems

• Functional Area Information Systems (FAIS), also known as a departmental information system:

• (supports a functional area within the organization)

o Human resources (HR)

o Accounting

o Finance

o Marketing

o Production/operations

• Two information systems support the entire organization:

o Enterprise Resource Planning (ERP) systems

• Provide communication among functional area ISs through an integrated

database

o Transaction Processing Systems (TPS)

• Support the monitoring, collection, storage, and processing of data from the
organization’s day-to-day operations for basic business transactions

• Two information systems support the entire organization:

Enterprise Resource Planning (ERP) systems

• Provide communication among functional area ISs through an integrated

database

Transaction Processing Systems (TPS)

 • Support the monitoring, collection, storage, and processing of data from the
organization’s day-to-day operations for basic business transactions

• TPs are collected in real time

• Not all TPSs are ERP systems

Interorganizational information system: information systems that connect two or more organizations

>IOS supports supply chain management

Supply chain: the flow of materials, information, money, and services from suppliers of raw materials
through factories/warehouses to the end customers

Electronic commerce systems: another type of interorganizational information systems which enable
organizations to conduct transactions, business-to-business electronic commerce, and customers to
conduct transactions with businesses (business to consumer (B2C)

All types of workers require support from information systems:

• Clerical workers – support managers at all levels of the organization (bookkeepers, secretaries,
electronic file clerks, insurance claim processors)

• Low level managers: handle day-to-day operations,and making routine decisions such as
assigning tasks and placing purchase orders

• Middle managers: deal with tactical decisions like short-term planning, organizing, and control.

• knowledge workers: those who are expiernced in a particular field

The systems that support them are called:

• Functional area information systems (FAIS) – summarize data and prepare reports

• Business analytics (BA) and business intelligence (BI): provide computer-based support for
complex , non-routine decisions

• Expert systems (ES): An attempt to duplicate the work of human experts by applying reasoning
capabilities, knowledge, and expertise within a specific domain.

• Dashboards (aka digital dashboards): a form of is that provides rapid access to timely
information and direct access to information in the form of reports

• Executive dashboards: dashboards tailored to the information needs of executives

IT Impacts Entire Industries:

Two scenarios:
 o Industries where software disrupted the previous market-leading companies
o Industries where a new company (or companies) used software to achieve a
competitive advantage

• Book industry

• Online books

• Music industry

• Digital music streaming/internet radio companies

• Video industry

• Online movie streaming sites (eg. Netlfix, hulu)

• Software industry

• Software as a service products

• Video game industry

• Photography industry

• Mobile phones

• Marketing

• Facebook, Google, and Foursquare

• Recruiting

• Resumes online

• Financial services

• Buying/Selling Stocks through software

• Motion picture industry

• DreamWorks Animation

• Automobile industry

• Agriculture

• Fashion

• Education

• Legal profession

IT Reduces the Number of Middle Managers

  It makes managers more productive and increases the number of employees so IT
reduces the number of middle managers required

IT Changes the Managers Job

 Decision making is the most important managerial task

 IT changes the way managers make decisions
 IT provides near real-time information
o Managers have less time to make decisions
 IT provides tools for analysis to assist in decision making and in handling high
volumes of information

Will IT Eliminate Jobs?

• The competitive advantage of replacing people with IT and machines is increasing rapidly

• Increasing the use of IT in business also:

o Creates new job categories

o Requires more employees with IT knowledge and skills

It Impacts Employees at work

 A loss sense of identity due to “computerization”

It Impacts Employees’ Health and Safety

• Increased job stress

• Long-term use of the keyboard and mouse can result in repetitive strain injuries (RSI)

• RSIs are addressed by ergonomics: the science of designing machines and work settings that
minimize injury and illness

IT Provides Opportunities for People with Disabilities

• Speech-recognition for employees unable to type due to physical impairment

• Audible screen tips for employees who are visually impaired

Importance of information Systems to Society

• IT Affects Our Quality of Life

 • The Robot Revolution Is Here Now

• IT Impacts Health Care

• The Emergence of Cognitive Computing: IBM Watson

IT Affects Our Quality of Life

• IT has changed the way we work

o Smartphones provide constant access to text, email, and voice communications

o The lines between time at work and leisure time at home have become blurred

o Surveys indicate employees take laptops and smartphones on vacation

The Robot Revolution is Here Now

Baxter

• Helps with repetitive tasks in factories (e.g. packing & unpacking items)

LoweBots

• Autonomous customer assistant robots

Drones

• An unmanned aerial vehicle that is controlled by pilots from the ground or follows a
preprogrammed missions – used for a various purposes

Autonomous vehicles

IT’s About Business 1.3:

Diverse Uses for Drones

Consider:

• How are drones and robots helping with our food supply?

• Examine plant growth

• Detect areas under stress from disease, rot, insect damage, or lack of water

• Assess when the next load of produce should be ready to send to a company.

• How could drones help reduce crime in your area, town, or city?
 • Search and Rescue

• Traffic collision reconstructions

• Active shooter scenarios

• Crime scene analysis

• General Surveillance

IT Impacts Health Care

• IT is used in health care to:

o Make better and faster diagnoses

o Streamline the process of researching and developing new drugs

o Enhance the work of radiologists

o Allow surgeons to use virtual reality to plan complex surgeries, and use robots to
remotely perform surgery

The Emergence of Cognitive Computing: IBM Watson

• IBM’s Watson is an example of artificial intelligence (AI) called cognitive computing. Watson:

o Understands natural language

o Learns and absorbs information to formulate hypotheses

o Has the ability to understand the context of a question

• In health care Watson helps fine-tune diagnoses and treatment protocols

• Watson is being used in other areas including: customer service, financial services, tax
preparation services, and strategic analysis

Chapter 3

• Ethics:

o The principles of right and wrong that individuals use to make choices that guide their
behavior.

• Ethical Frameworks

o Widely used standards

o Utilitarian: provides the best or does the least harm

 o Rights: best protects and respects the moral rights of the affected parties

• The rights to make one’s own choices about what life to lead, to be told truth, to
not be injured and to enjoy a degree of privacy

o Fairness: treat all humans equally, or if unequally, then fairly, based on some defensible
standard

• Conditions that are important to the welfare of people: system of laws, effective
police and fire departments, health care, a public educational system and public
recreational areas

o Common Good: respect and compassion for all others is the basis for ethical actions.

o Deontology approach: morality of an action is based on the action itself is write or

wrong under as set of rules. e.g. killing someone is wrong, even in self defense.

Two Frameworks for Ethics:

1. Traditional ethical approach

2. GVV (Giving Voice to Values) approach

Traditional Approach for Resolving Ethical Issues (left column TABLE 3.1)

1. Recognize an ethical issue

 Could this decision or situation damage someone or some group?

2. Get the facts

 What are the relevant facts of the situation?

3. Evaluate alternative actions

 Which option will produce the most good and do the least harm? (the utilitarian approach)

4. Make a decision and test it

 Considering all the approaches, which option best addresses the situation?, Act and reflect on
the outcome of your decision

Giving Voice to Values (GVV) Approach (right column TABLE 3.1)

1. Identify an ethical issue

 What are the different issues that give rise to this ethical issue?

2. Purpose and choice

  What personal choices do you have in reacting to this ethical issue?

3. Stakeholder analysis

 Who is affected by the ethical issue?

4. Powerful response

 What types of things could I say to provide a response to the ethical issue?

5. Scripting and coaching

 What words (script) could I use when talking about the ethical issue? (consider both positive and
negative responses)

Ethics in the Corporate Environment

 Code of ethics: a collection of principles intended to guide decision making by members of the
organization.

• Fundamental tenets of ethics:

o Responsibility: means that you accept the consequences of your decisions and actions

o Accountability: refers to determining who is responsible for actions that were taken

o Liability: is a legal concept that gives individuals the right to recover the damages done
to them by other individuals, organizations, or systems

• What is unethical is not necessarily illegal

Ethics and Information Technology

 Employee’s have the responsibility to encourage ethical uses of information/information

technology

• Four general categories of ethical issues related to IT:

1. Privacy issues: involve collecting, storing, and disseminating information about

individuals

2. Accuracy issue: involve the authenticity, fidelity, and correctness of information that is
collected and processed

3. Property issue: involve the ownership and value of information

 4. Accessibility issue: revolve around who should have access to information and whether
they should pay a fee for this access

3.2 Privacy

Privacy: the right to be left alone and to be free of unreasonable personal intrustions

• Introduction privacy: the right to determine when, and to what extent information about you
can be gathered or communicated to others.

Two Rules To Privacy:

1. The right of privacy is not absolute, privacy must be balanced against the needs of society
2. The publics right to know supersedes the individuals right of privacy
 Rapid advances in technology made it easier to collect, store and integrate vast amounts of data
on individuals in large databases (eg. surveillance cameras on roads, at work, in public places,
telephone calls)
• Digital dossier: An electronic description of an individual and their habits (eg. comes from data
from surveillance listed above)
• Profiling: process of forming a digital dossier
• Data aggregators: collect public data and non-public information (eg. financial data, motor
vehicle records, social security numbers) then integrate the data to form digital dossiers to
which they sell to law enforcement agencies.

Electronic Surveillance

• Electronic Surveillance: rapidly increasing, with the emergence of new technologies, conducted
by employers, the government and other institutions.
• Examples: Surveillance cameras in airports, subways, banks, and other public venues
• Inexpensive digital sensors are found in laptop webcams, video game sensors, smartphone
cameras, utility meters, passports, and identification cards to which increase monitoring of
human activity.
• Smartphones create geotags (embedding images with longitude and latitude of the location
shown in the image)
• Google and Microsoft Street view images
• Facial recognition technologies
• (SCS) Social Credit Score used in China where citizens are given scores based on monitorization
of individuals spending habits, behaviors, and how they pay bills affects their eligibility for
services.
• Drones – can be used for aerial surveillance.
• Employer surveillance of employee’s internet use, employee’s emails, URL filtering (software to
block connections to inappropriate websites)

IT’s About Business 3.3:

Licence Plate Readers

Consider:
 • How else could licence plate and driver’s licence data be used?

• Is this a possible invasion of privacy when combined with geographic positioning data?

Personal Information in Databases

-Information on individuals is kept in many databases

• Personal data locations and record keepers

o Credit reporting agencies

• Most visible locations of records

o Banks and financial institutions

o Utility companies

o Employers

o Hospitals

o Schools

o Government agencies (Canada Revenue Agency, province, municipality)

• Major concerns about information you provide record keepers

o Do you know where the records are?
o Are the records accurate?
o Can you change inaccurate data?
o How long will it take to make a change?
o Under what circumstances will personal data be released?
o How are the data used?
o To whom are the data given or sold?
o How secure are the data against access by unauthorized people?

IT’s About Business 3.4:

India’s Aadhaar System

Consider:

• How would you feel if your province implemented a fingerprint identification system?

• Do you use biometric (fingerprint) identification with your smartphone or computer? Why or
why not?
• Information on Internet Bulletin Boards, Newsgroups, and Social Networking Sites

• Blog: an informal, personal journal that is frequently updated and is intended for
general public reading

• Free speech versus privacy on the Internet

• Derogatory information can influence hiring decisions.

• Little to no recourse for victims

• Privacy Codes and Policies

• An organization’s guidelines for protecting the privacy of its customers, clients, and
employees.

• Methods of informed consent:

• Opt-out model: permits the company to collect personal information until the customer
requests that the data not be collected.

• Opt-in model: prohibits an organization from collecting any personal information unless
the customer authorizes it.

• Platform for Privacy Preferences (P3P)

• A protocol that automatically communicates privacy policies between a website and its
visitors

• Canada’s privacy legislation is PIPEDA (Personal Information Protection and Electronic

Documents Act

• International Aspects of Privacy

• Presents three sample sections:

1. data collection

• Data should be collected on individuals for the purpose of accomplishing a

legitimate business objective.

• Data should be adequate, relevant, and not excessive in relation to the business
objective.

• Individuals must give their consent before data pertaining to them can be
gathered. Such consent may be implied from the individual’s actions (e.g.,
applications for credit, insurance, or employment).

2. data accuracy

• Sensitive data gathered on individuals should be verified before they are

entered into the database.
 • Data should be kept current, where and when necessary.

• File should be made available to individual to ensure correctness.

• If a disagreement about accuracy of data, the individual’s version should be

noted and included with any disclosure of the file

3. data confidentiality

• Computer security procedures should be implemented to ensure against

unauthorized disclosure of data. These procedures should include physical,
technical, and administrative security measures.

• Third parties should not be given access to data without the individual’s
knowledge or permission, except as required by law.

• Disclosures of data, other than the most routine, should be noted and
maintained for as long as the data are maintained.

• Data should not be disclosed for reasons incompatible with the business
objective for which they are collected.

• Guidelines such as those in Table 3.3 help to:

1. Codify requirements for employees.

2. Provide a standard set of procedures.

3. Protect organizations from litigation.

4. Can be used as a measurement tool if disciplinary action is required.

IT’s About Business 3.5:

Facebook and the Cambridge Analytica Data Scandal

Consider:

• Whether all personally identifiable data is confidential

• Whether you would be concerned if all of your Facebook data was made available to Facebook
app developer

• The global nature of the Internet complicates data privacy

• Approximately 50 countries have data-protection laws

o Inconsistent standards from country to country

o Transborder data flow – the absence of consistent or uniform standards of privacy and
security obstructs the flow of information among countries
 o GDPR – data protection law in EU

• Covers personal data (information used to identify a person) & sensitive data
(encompasses genetic data, racial information, sexual orientation, trade union
membership, etc.)

• GDPR applies to data controllers (organizations that have relationships with

data subjects) and data processors (organizations that work for data controllers
and process personal data on the controller’s behalf)

• GDPR defines a natural person as a living human being and a data subject as a
human being whose data an organization has or processes.

• GDPR states that data controllers and data processers need to keep minimal
data that is accurate, secured and retain the data for as long as needed

• GDPR covers individuals rights that include:

• The right to know what organizations are doing with their data.

• The right to ask, at any time, for copies of all the data that organizations
have about them.

• The right to know an organization’s justification why it has their data

and how long it is planning to keep them.

• The right to have their data corrected, if needed.

• The right to have their data deleted. This provision is called the “right to
be forgotten.”

Chapter 2

Introduction

Competitive advantage: refers to any assets that provide an edge against its competitors (such as cost,
quality or speed)
 • An organizational strategy is a planned approach that the organization takes to achieve its goals
and mission statement

2.1 Business Processes

Business process: an ongoing collection of related activities or tasks that in a specific sequence create a
product or service of value to the organization, its business partners, and its customers.

Business process involves three elements:

1. Inputs: materials, services, and information that flow through and are transformed as a result of
process activities
2. Resources: people and equipment that perform activities
3. Outputs: the product or a service created by the process

Organizations measure how well these process activities are executed by:

1. Effectiveness: focuses on doing the things that matter

a. Measured as making high quality products or in a sales business process meeting a
monthly sales quota
2. Efficiency: focuses on doing things without wasting resources

TABLE 2.1 Examples of Business Processes (1 of 2)

Process involves cross-functional areas in an organization (eg. product development involves

research, design, engineering, manufacturing) Other processes involve a single functional area

Accounting Business Processes

Managing accounts payable Managing invoice billings

Managing accounts receivable Managing petty cash

Reconciling bank accounts Producing month-end close

Managing cash receipts Producing virtual close

Finance Business Processes

Managing account collection Producing property tax assessments

Managing bank loan applications Managing stock transactions

Producing business forecasts Generating financial cash flow reports

Applying customer credit approval and credit terms

Marketing Business Processes

Managing post-sale customer follow-up Handling customer complaints

Collecting sales taxes Handling returned goods from customers

Applying copyrights and trademarks Producing sales leads

Using customer satisfaction surveys Entering sales orders

Managing customer service Training sales personnel

Production/Operations Management Business Processes

Processing bills of materials Managing quality control for finished goods

Processing manufacturing change orders Auditing for quality assurance

Managing master parts list and files Receiving, inspecting, and stocking parts and
materials

Managing packing, storage, and distribution Handling shipping and freight claims

Processing physical inventory Handling vendor selection, files, and

inspections

Managing purchasing

Human Resources Business Processes

Applying disability policies Producing performance appraisals and salary

adjustments

Managing employee hiring Managing resignations and terminations

 Handling employee orientation Applying training and tuition reimbursement

Managing files and records Managing travel and entertainment

Applying health care benefits Managing workplace rules and guidelines

Managing pay and payroll Overseeing workplace safety

Management information Systems Business Processes

Antivirus control Applying e-mail policy

Computer security issues incident reporting Generating Internet use policy

Training computer users Managing service agreements and emergency

services

Computer user and staff training Applying user workstation standards

Applying disaster recovery procedures Managing the use of personal software

Cross-Functional Processes

• No single functional area is responsible

• Steps executed in a coordinated, collaborative way

• Requires multiple areas of an organization to produce a single output

• Example: procurement and fulfillment process uses three functional areas to acquire
merchandise

Procurement process: includes all of the tasks involved in acquiring needed materials externally from
vendor

Process (three different functional areas of the firm: warehouse, purchasing and accounting)

Warehouse recognizes need to procure materials, documents this need with a purchase
requisition which it sends to purchasing department
Purchasing department identifies a suitable vendor, creates a purchase order based on the
purchase requisition and sends the order to vendor.
When vendor receives purchase order, it ships materials which are then received in the
warehouse
 The vendor then sends an invoice which is received by the accounting department
Accounting sends payment to vendor, thereby completing the procurement process.

The fulfillment process: is concerned with processing customer orders

Process:

Customer purchase order that is received by the sales department

Sales then validates the purchase order and creates a sales order
The sales order communicates data related to the order to other functional areas within the
organization and it tracks its progress
Warehouse prepares and sends shipment to customer
Accounting is notified of the shipment, it creates an invoice and sends it to the customer
Customer makes payment, which accounting records

How can an Organization determine if their business processes are well designed?

Document the process by describing its steps, inputs and outputs and its resources
Analyze the process and modify to improve the performance

FIGURE 2.1 Business process for ordering an e-ticket from an airline website

Information Systems and Business Processes

IS facilitate communication and coordination among different functional areas and allow easy exchange
of, and access to, data across processes.

ISs play a vital role in three areas:

Executing the process

Capturing and storing process data
Monitoring process performance
Executing the Process

• IS’s help execute the process by:

o Informing employees when it is time to complete a task

o Providing required data

o Providing a means to complete the task

Capturing and Storing Process Data

• Processes generate data

o For example: dates, times, product numbers, quantities, prices, addresses, names, and
employee actions

• ISs capture and store the process data (aka transaction data)

• Immediate capturing and storing of data provides “real time” feedback

• Advantage – an IS data is only needed to be entered into a system compared to a manual

system or cross functional system

Monitoring Process Performance

• IS help to monitor the state of the various business processes

• IS evaluates information to determine how well a process is being executed

• Evaluations occur at two levels

1. Process (process as a whole)

2. Instance (a specific task or activity)

• Monitoring identifies problems for process improvement

1. IS performs role by comparing information with a standard set by the company to

determine if the process is performing within expectations

2.2 Business Process Reengineering, Business Process Improvement, and Business Process Management

Measures of Excellence in Executing Business Processes Include:

• Customer satisfaction: The result of optimizing and aligning business processes to fulfill
customers needs, wants, and desires

• Cost reduction: the result of optimizing operations and supplier processes

 • Cycle and fulfillment time reduction: the result of optimizing the manufacturing and logistics
processes

• Quality: the result of optimizing the design, development and production processes

• Differentiation: the result of optimizing the marketing and innovation processes

• Productivity: the result of optimizing each individual work process

Business Process Reengineering (BPR)

• Michael Hammer & James Champy, 1993, Reengineering the Corporation

• BPR:

o A radical redesign of an organization’s business processes to increase productivity and

profitability

o Examines business processes with a “clean slate” approach and determine how they
can reconstruct processes to improve business functions

• BPI:

o An incremental approach to move an organization toward business-process-centered

operations

o Focuses on reducing variation in process outputs (e.g. finished product) by identifying

the underlying cause of the variation (e.g. a broken machine on assembly line) or among
process inputs (e.g. a decline in the quality of raw materials purchased from a certain
supplier)

• Six Sigma is a popular methodology for BPI

o Goal to ensure that a process has no more than 3-4 defects per million outputs by using
statistical methods to analyze the process.

• Five basic phases of successful BPI

1. Define

• BPI team documents existing process activities, process resources, and process
inputs and outputs, and documents the customer requirements for the
process output, and description of the problem.

2. Measure
 • BPI team identifies relevant process metrics, such as time and cost to generate
one output (product or service) and collects data to understand how the
metric evolve over time.

3. Analyze

• BPI team examines the “as is” process map and the collected data to identify
problems with the process (eg. Decreasing efficiency and effectiveness) and
their root causes.

• Process simulation software < used during analysis phase

• Two benefits:

• Simulates a real situation (eg. With a certain number of people

undertaking activities) for a specific amount of time (eg.
working a day, week) to which it can then be estimated the
process performance over time

• Allows to create multiple scenarios (eg. Using a different

number of resources in the process or using a different
configuration for the process steps.

• Process simulation is risk-free and inexpensive test of an

improvement solution that does not need to be conducted
with real resources.

4. Improve

• BPI team identifies possible solutions for addressing root causes, maps the
resulting “to be” process alternatives, and implements the appropriate
solution.

• Eliminating process activities that do not add value to the output and
rearrange activities in a way that reduces delays or improves resource
use.

• Not to eliminate internal process controls – activities that

safeguard company resources, guarantee the accuracy of its
financial reporting, and ensure adherence to rules and
regulation.

5. Control

• BPI team establishes process metrics and monitors the improved process after
solution has been implemented to ensure the process performance remains
stable.

To sustain BPI efforts over time, organizations adopt

 Business process management: a management system that includes methods and toolds to
support the design, analysis, implementation, management and continuous optimization of
core business processes throughout an organization.
o Bpm components:
 business activity monitoring
 a real-time approach for measuring and managing business processes
 process modelling: graphical depiction of all the steps in a process

• Business Process Management Suite (BPMS)

o An integrated set of applications used for BPM that includes a repository of process
information such as process maps and business rules, tools for process modelling,
simulation, execution and coordination across functions

• Emerging trend of social BPM

o technology enables employees to collaborate across functions internally and externally

using social media tools to exchange process knowledge, and improve process execution

2.3 Business Pressures, Organizational Responses, and Information Technology Support

• Business Pressures

• Business environment: the combination of social, legal, economic, physical, and political
factors in which businesses conduct their operations

• Changes in these factors create business pressures

• Organizational Responses

Business Pressures

• Market pressures

• Pressures consist of the global economy, intense competition, the changing nature of
the workforce, and powerful customers

Globalization

• The integration and interdependence of economic, social, cultural, and ecological facets of life,
made possible by rapid advances in IT

• You and organizations you join will be competing with people and organizations from around
the world

• Pressure of cost of labour in a global market

Changing Nature of the Workforce

• The workforce is becoming more diversified

o Women

o Single parents

o Visible minorities

o Persons with disabilities

Powerful Customers

• Increasing consumer sophistication and expectations increase as they become more

knowledgeable on products and services.

• Consumer is more knowledgeable about

o Products and services

o Price comparisons

o Electronic auctions

• Organizations need to increase efforts to acquire and retain customers

Customer intimacy: learning as much as possible about customers to anticipate and address their needs
– a component of: Customer relationship management: effort toward maximizing customer experience

Technology Pressures

• Technological innovation and obsolescence

o Rapid development of both new and substitute products and services (eg. New versions
of smartphones being released quickly)

• Information overload

o Vast stores of data, information, and knowledge (internet doubles in information every
year)

o Difficulties in managing data for decision making

o To make effective decision, managers must be able to access, navigate and use these
vast stores of data, information, and knowledge.

Societal/political/legal pressures
 Business pressures that include social responsibility, government regulation/deregulation,
spending for social programs, spending to protect terrorism, and ethics.

• Social issues range from the state of the physical environment, to company and individual
philanthropy to education

• Organizational social responsibility: efforts by organizations to solve various social

problems

• Green IT < IT initiatives addresses pressing environmental concerns

Going Green In Three Areas:

• Facilities design and management:

• More environmentally sustainable work environments

• Leadership in Energy and Environmental Design, managed by Canada Green

Building Council: a non-profit group that promotes the construction of
environmentally friendly buildings

• Carbon management

• Systems developed to monitor carbon throughout the organization and supply

chain in efforts to reduce carbon footprints

• IT employees need to become more knowledgeable about embedded carbon

and how to measure it in products.

• International and Canadian provincial environmental laws

• It executives must deal with federal and provincial laws and international
regulations that impact IT products they buy, how they dispose of them, to their
company’s carbon footprint.

• Digital Divide

• Refers to the gap between individuals who have access to information and
communications technologies and those who do not.

• One Laptop per Child (OLPC): one.laptop.org: non-profit organization dedicated to

making an inexpensive laptop aimed to educate children

Compliance with Government Regulations

• Business pressures relating to government regulations regarding health, safety, environmental

protection, and equal opportunity
 • Canadian Sarbanes-Oxley Act (C-SOX) (Bill 198) affects collection and management of
information

• PIPEDA (Personal Information Protection and Electronic Documents Act): law affecting the
collection of information and management of information

• Organizations need to protect their information to prevent fraudulent or fictious transactions or

identity thrift

• Information technology used to identify and protect against terrorists and cyberattacks

• Association of Certified Fraud Examiners (www.acfe.com)

• Canada’s Canada Border Service Agency (CBSA)

• Include collection of fingerprints, photos and iris and retina scanners that are into
government databases

• Watch lists to check identities

• Department of Homeland Security’s (DHS) Office of Biometric Identity Management (OBIM)

program

Ethical Issues

• Ethics: General standards of right and wrong

• Issues include:

o Information-processing activities – relates to standards of right and wrong in

information processing practices

It raises ethical issues of:

o Monitoring employee email

o Privacy of customer data

Organizational Responses

• Organizations are implementing It in different ways to respond to pressures

• Strategic systems

• Systems that provide organizations with advantages that enable them to increase their
market share and profits to better negotiate with suppliers and prevent competitors
from entering their markets.
 • Customer focus

• Organizations provide customer service to retain customers versus losing them to

competitors.

• It tools and business processes designed to keep customers happy

• Make-to-order and mass customization

• a strategy of producing customized (made to individual specifications) products and

services

• Consumer segmentation: companies provide standard specifications for different

consumer groups or segments

• Configured mass customization: companies offer features that allow each shopper to
customize their product or service with a range of components.

• Mass customization: a company produces a large quantity of individual customized

items

• E-business and e-commerce

• Conducting business electronically is essential strategy for companies in today’s market

• Electronic e-commerce: describes the process of buying, selling, transferring, or

exchanging products, services, or information through computer networks including the
internet

• E-business: refers to servicing customers, collaborating with business partners, and

performing electronic transactions within an organization

2.4 Competitive Advantage and Strategic Information Systems

Competitive strategy: a business approach to compete, its goals, and the plans and policies that will be
used to carry out those goals

- Competitors will try to prevent you from reaching your goals to which you have to counter
their moves.

Strategic information System: provides a competitive advantage by helping an organization implement

its strategic goals improve its performance and productivity

- An information system that helps to achieve a competitive advantage or reduce a

competitive disadvantage

Porter’s Competitive Forces Model

 - Porter’s model five major forces that endanger or enhance a company’s position in a given
industry

1. Threat of entry of new competitors

- Threat is high when entry is easy and low when there are barriers to entry

 Entry barrier: a product or service feature that customers have learned to

expect from an organization in a certain industry/an organization trying to enter
this market must provide this product or service at a minimum to be able to
compete.

 Web increases threat of entry by reducing traditional barriers to entry such

as need for sales force or physical storefront
o Intermediation role: link between buyer and sellers – threat of
increased competition due to the web

2. Bargaining power of suppliers

- Supplier power is high when fewer buyer choices and low when many buyer choices

 More suppliers = more negotiation to price, delivery and quality terms for
organizations

3. Bargaining power of customers (buyers)

- Buyer power is high when many choices to buyer and low when buyer has fewer choices

 Loyalty programs reduce buyer power by rewarding customers based on the

amount of business they conduct with an organization

4. Threat of substitute products or services

- New technologies create substitutes rapidly

- Information-based industries experiences the greatest threat from substitutes as digitized

information can be replaced efficiently at a low cost

- Switching costs: a strategy used to prevent substitution by imposing costs in money and
time if chosen to buy elsewhere

5. Rivalry among existing firms within the industry

- Threat of rivalry is high when competition is amongst many firms and low when competition
is amongst a few firms and it isn’t as intense.

Porter’s Value Chain Model

 Activities to which competitive strategies is used for greatest impact.

 • Value chain

o A sequence of activities through which the organization’s inputs are transformed into
valuable outputs

• Primary activities

o Relate to production and distribution of products and services

• Support activities

o Support primary activities contributing to competitive advantage

Porters Value Chain

examples of primary and support activities in the value chain of a manufacturing company

• Five primary activities for manufacturing

1. Inbound logistics (inputs)

2. Operations (manufacturing and testing)

3. Outbound logistics (storage and distribution)

4. Marketing and sales

5. Services

• As work progresses value is added to the product in each activity

1. The incoming materials are processed (in receiving, storage, and so on) in activities
called inbound logistics.
2. The materials are used in operations, in which value is added by turning raw materials
into products.
3. These products are prepared for delivery (packaging, storing, and shipping) in the
outbound logistics activities.
4. Marketing and sales sell the products to customers, increasing product value by creating
demand for the company’s products.
5. Finally, the company performs after-sales service for the customer, such as warranty
service or upgrade notification, adding further value.

Support Activities

• Four support activities

 1. Firm infrastructure (accounting, finance, management)

2. Human resources management

3. Product and technology development (R&D)

4. Procurement

Value system: A stream of activities that includes the producers, suppliers, distributors, and buyers, all
of whom have their own value chains.

Strategies for Competitive Advantage

-firms choice of strategy involves trades-offs from other investments in the organization

 Cost leadership: produce products and services at the lowest cost in the industry
• Differentiation: offer different products, services, and product features than your competitors
• Innovation strategy: introduce new products and services, add new features to existing products
and services and develop new ways to produce them
• Operational effectiveness: improve internal business process to perform more effectively in
these activities than your rivals (improvements include productivity, increase quality, and
employee and customer satisfaction)
• Customer orientation: concentrate on making customers happy
• Web based systems can improve customer satisfaction by creating a personalized, one-
to-one relationship with the customer.

Business–Information Technology Alignment

 Business information technology alignment: the integration of the it functions with the
organizations strategy, mission and goals
o Best way to maximize strategic value of it

Six characteristics of excellent alignment:

1. Organizations view IT as an engine of innovation that continually transforms the business, often
creating new revenue streams

2. Organizations view their internal and external customers and their customer service function as
supremely important

3. Organizations rotate business and IT professionals across departments and job functions

4. Organizations provide overarching goals that are completely clear to each IT and business
employee
 5. Organizations ensure that IT employees understand how the company makes (or loses) money

6. Organizations create a vibrant and inclusive company culture

Why do organizations fail to realize importance of IT alignment and Business?

1. Business managers and it managers have different objectives

2. The business and it departments are ignorant of the other groups expertise
3. Lack of communication

 SOLUTION: offer a collaborative environment in the organization where the it

executives and business can communicate freely and learn from each other

Information Technology Governance

• Helps organizations effectively manage their IT operations to align with business strategies

• Part of an organization’s overall corporate governance

• Provides a framework and structure for organizations to ensure that IT investments

support business objectives

• Includes using an IT steering committee

Chapter 4 Introduction

Lessons In This Chapter

 Its impossible to provide perfect security for an organizations data

 Growing danger that countries are engaging in economic cyberwarfare
 It is impossible to secure the internet

 Information security is important to small businesses as they have fewer resources to be

crippled by a data breach.

Misuse of Information Technologies Consider the following scenarios:

1. Individuals can have their identities stolen

2. Organizations can have customer information solen, leading to financial losses, erosion of
customer confidence and legal actions.
3. Countries face the threats of cyberterrorism and cyberwarfare, terms for internet based attacks

Direct Costs of a Breach

  Hiring a forensic expert
 Notifying customers
 Setting up telephone hotlines to field queries from concerned customers
 Offering free credit monitoring
 Providing discounts for future products and services
 Loss of business from increased customer turnover (customer churn – a decrease in
customer trust)

4.1 Introduction to Information Security

Security: defined as the degree of protection against criminal activity, danger, damage, or loss

Information security: refers to all the processes and policies designed to protect an organization
information and information systems from unauthorized access, use, disclosure, disruption,
modification, destruction.

 Organizations employ IS that are subject to myriad threats

Threats: any danger to which a system can be exposed

Exposure: the harm, loss, or damage that can result if a threat compromises that resource

Vulnerability: possibility that a threat will harm that resource

• Five factors contributing to vulnerability of organizational information resources:

o Today’s interconnected, interdependent, wirelessly networked business environment

• Organizations/individuals are exposed to a large number of untrusted networks

& potential attackers

• Trusted network: any network within your organization

• Untrusted network: any network external to your organization

o Smaller, faster, cheaper computers and storage devices

• Easier to steal or lose a computer or storage device that contains sensitive

information with these characteristics.

o Decreasing skills necessary to be a computer hacker

• Internet contains information and computer programs called scripts – used to

download and attack any information system that is connect to the internet.

o International organized crime taking over cybercrime

• Cybercrime: refers to illegal activities conducted over computer networks,

particularly the internet

o Lack of management support

 • Security policies must be taken seriously

4.2 Unintentional Threats to Information Systems

• Human Errors

• Social Engineering

Two major categories:

1. Unintentional threats
2. Deliberate threats

Human Errors: Risk Areas

 Higher level employees + greater access privileges = greater threat

 Two areas pose significant threats:

o Human resources

 Have access to sensitive personal information

o Information systems

 IS employees control the means to create, store , transmit, and modify

organizational data they can get access to.

 Other areas of threats:

o Contract labour, consultants, janitors, and guards

Human Errors: Mistakes

 Result of laziness, carelessness, or a lack of awareness concerning information security (due to

poor education and training)

Other Mistakes:

 Carelessness with computing devices (e.g., laptops, tablets, smartphones)

 Opening questionable emails

o Opening emails from unknown

 Careless Internet surfing

o Accessing questionable websites

 Poor password selection and use

 Carelessness with one’s office

o Not logging off computer or leaving cabinets and desks unlocked.

  Carelessness using unmanaged devices

o Unmanaged devices: outside the control of an organizations it department and security

procedures. These devices include computer belonging to customers and business
partners, computers in business centers of hotels, libraries, and other public shared
equipment

 Carelessness with discarded equipment

 Careless monitoring of environmental hazards

o Dirt, dust, humidity and static electricity that is harmful to the operation of computing
equipment

 Attackers employ software engineering to induce individuals to make

unintentional mistakes and disclose information.

Social Engineering

• Social engineering:

o An attack in which the perpetrator uses social skills to trick or manipulate legitimate
employees into providing confidential company information such as passwords

• Example: Kevin Mitnick, famous hacker and former FBI’s most wanted

Two Other SE Techniques:

 Tailgating: a technique designed to allow the preptrator to enter a restricted area that is
controlled with locks or card entry by following behind a legitimate employee who gains entry.
 Shoulder surfing: occurs when a perpetrator watches an employees screen over their shoulder.

4.3 Deliberate Threats to Information Systems (1 of 2)

• Espionage or trespass

• Occurs when an unauthorized individual attempts to gain illegal access to organizational

information

• Competitive intelligence: consists of legal information gathering techniques (ex:

attending trade shows, studying a company websites)

• Industrial espionage: crosses the legal boundary (ex: theft or confidential data)

• Information extortion
 • Occurs when an attacker either threatens to steal, actually steals, information from a
company

• Perpetrator demands payment for not stealing the information, for returning
stolen information, or for agreeing not to disclose the information

• Sabotage or vandalism

• Deliberate acts that involve defacing an organizations website, damaging the

organizations image and causing customers to lose faith in the organizations.
• Online vandalism forms is hacktivist or cyberactivity operation

• Theft of equipment or information

• Smaller computing devices and storage devices have increased risk of being stolen

• Dumpster diving: a form of theft that involves going through residential or commercial
trashcans to find discarded information

• Identity theft

• A deliberate assumption of another person’s identity, usually to gain access to their

financial information or to frame them for a crime

• Techniques for obtaining persons information:

• Stealing mail or dumpster diving

• Stealing personal information in computer databases

• Infiltrating organizations that store large amount of personal

information

• Impersonating a trusted organization in an electronic communication

• Compromises to intellectual property

• Property created by individuals or corporations that is protected under a trade secret,

patent, and copyright laws

• Trade secret: an intellectual work, such as a business plan that is a company

secret and not public information

• Patent: an official document that grants the holder exclusive rights on an

invention or a process for 20 years

• Copyright: a statutory grant that provides the creators or owners of intellectual

property with ownership of the property for the life of the creator plus 50 years.
 • Under copyright law piracy – the copying of a software program (other
than freeware, demo, software, etc) without making payment to the
owner

• Software attacks

• Malware: malicious software such as viruses and worms

• Three categories of software attacks

• Remote attacks requiring user action

• Remote attacks requiring no user action

• Software attacks initiated by programmers during the development of a

system

• Two software attacks:

• Ransomware: digital extortion, blocks access to a computer system or

encrypts an organizations data until the organization pays a sum of
money

• Attackers take a “Freemium approach” offering to decrypt some

data for free to show victims they can get all of the data if they
pay the random

• Methods of Attack:

• Spear phishing: An attack in which the perpetrators find

out as much information about an individual as possible
to improve their chances that phishing techniques will
obtain sensitive, personal information.

• Attack mobile devices, computers, etc

• Ransomware developers distribute ransomware to any

hacker who wants to use it known as ransom-as-a-
service.

• Two ransomware variants

• First variant offers the decryption key to a

victim if the victim provides a link to the
ransomware to two other people or companies
that pay ransom.

• Second variant, hackers pretend to be job

hunters in an effort to infect corporate human
resource systems.
 • Other: cybercriminals threaten to
release information to the public known
as doxing

The Costs of Ransomware

• The longer your network is unavailable due to malware the more it will cost your organization
• Additional costs from investing into additional cybersecurity software and to pay for additional
staff training
• Risk of customers losing trust

Protection against Ransomware

• Education and training to make users aware of phishing attacks and do not click suspicious
emails or links in emails
o Situational tests for employees to make decisions on a series of events and finding out
the consequences of those decisions at the end of the exercise.
• Install latest versions of software
• Employ a real time monitoring system that can stop ransomware immediately.
• Evidently, pay the ransom
• Become aware of the no more ransom initiative which offers information and advice on
avoidance of ransomware as well as decryption tools for types of ransomware to help victims
retrieve encrypted data.

• Whaling attack: a targeted attempt to steal sensitive information from a

company such as financial data or personal details about employees

• Trick an executive to reveal personal data

Types of Software Attacks

Remote Attacks Requiring User Action

• Virus

• Segment of computer code that performs malicious actions by attaching

to another computer program.

• Worm

• Segment of computer code that performs malicious actions and will

replicate, or spread, by itself (without requiring another computer
program).

• Phishing attack
 • Uses deception to acquire sensitive personal information by
masquerading as official looking emails or instant messages.

• Spear phishing

• Targets large groups of people. The perpetrators find out as much

information as they can about an individual, tailoring their phishing
attacks to improve the chances that they will obtain sensitive, personal
information.

Remote Attacks Needing No User Action

• Denial-of-service attack

• An attacker sends so many information requests to a target computer

system that the target cannot handle them successfully and typically
crashes (ceases to function).

• Distributed denial-of-service attack

• An attacker first takes over many computers, typically by using malicious

software. These computers are called zombies or bots. The attacker
uses these bots—which form a botnet—to deliver a coordinated stream
of information requests to a target computer, causing it to crash.

Attacks by a Programmer Developing a System

• Trojan horse

• Software programs that hide in other computer programs and reveal

their designed behaviour only when they are activated.

• Back door

• Typically a password, known only to the attacker, that allows them to

access a computer system at will, without having to go through any
security procedures (also called a trap door).

• Logic bomb

• A segment of computer code that is embedded within an organization’s

existing computer programs and is designed to activate and perform a
destructive action under specific conditions, such as at a certain time or
date.

• Alien software

• A clandestine software that is installed on your computer through duplicitous methods

• Adware – software that causes pop up advertisements to appear on your screen

 • Cookies: small amounts of information that websites store on your computer,
temporarily or permanently

• Tracking cookies: can be used to track your path through a website, the
time you spend on there, what links you click on and other details are
recorded.

• Spamware: a pestware that uses your computer as a launchpad for spammers.

• Spam: an unsolicited email, usually for advertising

• Spyware – a software that collect personal information about users without

their consent

• Two types:

• Keystroke loggers: record both your individual keystrokes and

your internet browser history

• Screens scapers: records a continuous movie of screens

contents rather than simply recording keystrokes.

• Supervisory control and data acquisition (SCADA) attacks

• SCADA systems are used to monitor or to control chemical, physical, and transport
processes such as those used in oil refineries, water and sewage treatment plants,
electrical generators and nuclear power plants

• If attackers gained access disruption can be caused to the power grid over a large area
or upsetting operations of a nuclear plant

• Cyberterrorism and cyberwarfare

• Cyberterriosm: refer to malicious acts in which attackers use a targets computers

systems, to cause physical, real-world harm or disruption often to carry out a political
agenda

• Carried out by individuals and groups whereas cyberwarfare is carried out by

nation states

4.4 What Organizations Are Doing to Protect Information Resources

• In order to protect organizations are using government assistant, organizing an appropriate

defense system and performing risk management

• Risk: the probability that a threat will impact an information resource

• Risk management – is to identify, control and minimize the impact of threats (consists of three
processes)
 • Risk analysis: involves three steps, 1 – assessing the value of each asset being protected,
2- estimating the probability that each asset will be compromised, 3 – comparing the
probable costs of the assets being compromised with the costs of protecting that asset

• Risk mitigation: organizations takes actions against risks

• Two functions:

• Implementing controls to prevent identified threats from occurring

• Developing a means of recovering if the threat becomes a reality

Risk-mitigation strategies

• Risk acceptance: accept the potential risk, continue operating with no controls, and absorb any
damages that occurs
• Risk limitation: limit the risk by implementing controls that minimize the impact of the threat
• Risk transference: transfer the risk by using other means to compensate for the loss such as
purchasing insurance.

4.5 Information Security Control

Controls: defense mechanism used to safeguard assets, optimize the use of the organization
resources, and prevent or detect errors or fraud

 Most valuable control is education and training

• Categories of Controls

• Security is only one aspect of operational control (which is part of general controls)

• Controls come in “layers”

• Control environment: Controls that encompass management attitudes toward controls, as

evidenced by management actions, as well as by stated policies and procedures that address
ethical issues and the quality of supervision

• General controls: apply to more than one functional area (eg. Passwords)

• Application control: controls specific to one area (eg. Payroll)

• Security controls: designed to protect all of the components of an information systems

including data, software, hardware and networks.

• Encompasses management attitudes toward controls, as evidenced by management actions, as well

as by stated policies that address:

• Ethical issues

• Quality of supervision
Three Categories Of General Control:

• Physical Controls:

• Prevent unauthorized individuals from gaining access to a company’s facilities

Examples:

• Walls, doors, fencing, gates, locks

• Badges, guards, alarm systems

• Pressure sensors, temperature sensors, motion sensors

• Access Controls

• Restrict unauthorized individuals from using information resources

• Logical controls: implemented by software

• Logical controls (implemented by software) help to provide controls such as:

• Authentication: confirms the identity of the person requiring access

• Methods to authenticate

• Something the user has

• Authentication includes regular identification cards (eg.

Have id and signatures), smart id cards (have an embedded
chip stores pertinent information about the user), tokens
(embedded chips and a digital display that presents a login
number that an employee use to access the organizations
network)

• Something the user does

• Includes voice and signature recognition

• Voice recognition – user speaks a phrase that has

been previously recorded to match

• Signature recognition: the user signs their name,

and the system matches this signature with one
recorded previously.

• Something the user knows.

• An authentication mechanism that includes passwords and

passphrases
 • Use strong passwords (a passphrase – a series of characters
that is longer but easier to remember)

Password Controls Need to be Supported at All 3 Control Levels

1. Control environment: Policies that enforce the proper management of user codes and
passwords

2. General control: A security system that requires a user ID and password to “log on”

3. Functional application control: Separate passwords for sensitive functions, e.g., employee raises
or write-off of customer accounts

• Multifactor authentication: more than one type of

authentication

• Three factor authentication

• Something the user is

• Known as biometrics: an authentication method that

examines a persons innate physical characteristics

• Two categories

• Active methods: require the user to

physically participate in the verification
process by taking an action like speaking,
placing a finger or eye near a scanner, other
actions

• Passive methods: capable of identifying a

person without their active participation
(eg, voice regnition)

• Authorization: determines which actions, rights, or privileges the person has, based
on their verified identity

• Privilege: a collection of related computer system operations that a user is

authorized to perform

• Least privilege: A principle that users be granted the privilege for some
activity only if there is a justifiable need to grant this authorization.

• Communication Controls
 • Communication controls: secure the movement of data across networks.

• Firewalls: a system that prevents a specific type of information from moving

between untrusted networks, such as the internet, private networks and your
company’s network

• Firewall prevents unauthorized internet users from accessing private

networks, all messages leaving and entering pass through the firewall,
examines each message and blocks those that do not meet security rules.

• Demilitarized zone: location between two firewalls

• Internet first passes through the external firewall, if conforming to security

rules, they are sent to company servers located in the DMZ.

 Dangers of viruses and worms causes organizations to place firewalls inside

their private networks

Anti-Malware

Anti-malware systems: also called antivirus software are software packages that attempt to identify
and eliminate viruses and worms, and other malicious software.

o Systems filter traffic according to a database of specific problems, these systems create
definitions, or signatures, of various types of malwares, then update these signatures in their
products. The anti-malware software then examines suspicious computer code to determine
whether it matches a known signature. If the software identifies a match, then it removes the
code.

Whitelisting and Blacklisting

• Whitelisting: a process in which a company identifies the software that it will allow run on its
computer
 • Blacklisting: A process in which a company identifies certain types of software that are not
allowed to run in the company environment

Encryption

Encryption: the process of converting an original message into a form that cannot be read by anyone
except the intended receiver

o All encryption systems use a key, which is the code that scrambles and then decodes the
messages
o Public-key encryption: known as asymmetric encryption – uses two different keys (private &
public)
o Public and private key with data encrypted in one key that can decrypt the other.
 Ex: if Hannah wants to send a message to Harrison, first she obtain Harrison’s
public key (locking key), which she uses to encrypt her message (message in
two-lock box, when Harrison receives message he uses his private key to
decrypt it.

FIGURE 4.4 How public key encryption works

o A more complex system is used for organizations

o Certificate authority: acts as a trusted intermediary between the companies.
 The certificate authority issues digital certificates and verifies the integrity
of those certificates
o Digital certificate: is an electronic document attached to a file that certifies that the
file is from the organization that it comes to be from and has not been modified
form original format.

• Virtual private networking

• Is a private network that uses a public (usually the internet) to connect users

• Several advantages include: First, they allow remote users to access the company
network, second they provide flexibility, third organization can impose their security
policies through VPNs

• Tunnelling: encrypts each data packet to be sent and places each encrypted packet
inside another packet – proves secure transmissions
 • Transport layer security (TLS)

• Formerly called secure socket layer or SSL its an encryption standard used for secure
transactions such as credit card purchases and online banking

• Employee monitoring systems

• Employee monitoring systems: Systems that monitor employees’ computers, email

activities, and Internet surfing activities.

• Identifies which employees spend too much time surfing, who visits
questionable websites, who download music illegally

Application Controls

o Application controls: security countermeasures that protect specific applications in functional

areas

• Controls that apply to individual applications (functional areas), e.g., payroll

• The text describes three categories: input, processing, output

• Input controls: programmed routines that edit input data for errors before they
processed

• Processing controls: programmed routines that perform actions that are part of the
record keeping of the organization, reconcile, and check transactions, or monitor the
operations of applications.

• Output controls: programmed routines that edit output data for errors or help to ensure
that output is provided only to authorized individuals.

• It is more common to consider the purpose of application controls for input, processing, and
output using: accuracy, completeness, authorization, and an audit trail (documentation)

Business Continuity Planning (BCP) (1 of 2)

o Business continuity planning: a chain of events linking planning to protection and to

recovery
o Several strategies can be employed for business continuity:
 Hot site: a fully configured computer facility with all of the company’s services,
communications links, and physical plant operations. A hot site duplicates
 computing resources, peripherals, telephone systems, applications, and
workstations.
 Warm site: provides the same services as a hot site however doesn’t include the
actual applications the company needs such as providing computing equipment
such as servers but no work stations
 Cold site: provides rudimentary services and facilities such as building, heating,
air condition, and humidity control.
 Off-site storage: organization takes a duplicate copy of its data and software
(including operating systems) so that it can be taken to another computer and
used elsewhere.

o BCP’s purpose:

o Provide continuous availability

o Be able to recover in the event of a hardware or software failure or attack (e.g., due to
ransomware)

o Ensure that critical systems are available and operating

Information Systems Auditing

 Used to make sure that IS is performing as required

Audit: involves the accumulation and evaluation of evidence that is used to prepare a report about the
information or controls that are being examined, using established criteria and standards.

Information system audits: examination of information systems, their inputs, their outputs, and
processing. < assessment of efficiency and effectiveness

Types of Auditors and Audits

 External Auditors : referred to as independent auditors, work at a public accounting firm,

auditing financial statements
 Government auditors: work for the provincial or federal auditors general offices
 Canada Revenue Agency Auditors: audit compliance with tax legislation
 Internal auditors: work for specific organization and have the certified internal auditor
designation
 Specialist auditors can be from a variety of fields
 Information systems auditors may work for many organization and have a certified information
system auditor designation.

How IS Auditors Decide On Audits

 IS auditors conduct their work using a risk-based approach

 o Consider the likelihood of errors or fraud or the risk of organizations not following their
procedures, then design procedures to test compliance or the percentages of errors.

4.6 Personal Information Asset Protection

• Before deciding upon potential actions you need to take:

o Do an inventory of information you are using, storing, or accessing

o Relate your inventory to a personal risk assessment

• Use Table 4.4 to help enable changes to your methods of protecting your personal information
assets

Chapter 5

Difficulties of Managing Data (1 of 2)

• Data increases exponentially with time

• Data are scattered throughout organizations

• Data is collected through various methods & devices

• Multiple sources of data

• Generated from multiple sources - internal sources (e.g. corporate databases and
company documents), personal sources (e.g. personal thoughts, opinions, and
experiences), external sources (e.g. commercial databases, government reports,
corporate websites)

• Clickstream data: data that visitors and customers produce when they visit a website or
click on hyperlinks.

• New sources of data

• Data becomes outdated

• Blogs, podcasts, texts, RFID tags are constantly being developed and data these
technologies generate must be managed.

• Data becomes less current over time (eg, customers move to new addresses or change
their names)

• Data media rots

• Data rot: refers to problems with the media on which the data stored (eg. Temperature,
humidity, and exposure to light)
 • Data security, quality, and integrity may be compromised

• Legal requirements need to be met with appropriate data-storage methods or management

procedures

• Legacy IT systems or functional requirements may result in repetition (redundancy) or data

conflicts (inconsistency)

• High volumes of big data and the variety of data being collected increase complexity

• Solutions to these difficulties include effective data governance.

Two Factors Complicate Data Management:

1. Federal government regulations (eg. The Bill 198) (eg. Canadian equivalent to the U.S Sarbanes-
Oxley Act – require companies to account for how information is being managed within their
organizations)
a. Law in Canada requires.
i. Public companies evaluate and disclose the effectiveness of their internal
financial controls
ii. Independent auditors for these companies agree to this disclosure
2. Companies are drowning in unstructured data
3. Big Data (additional problem)

Data Governance

• Objectives: to enable available, transparent, and useful data, “a single version of the truth”

• Data governance: Provides a planned approach to data management for all types of data.

• Includes a formal set of business processes and policies for data handling.

• Requires well-defined, unambiguous rules (both manual and IT) to avoid functional
inconsistency.

• Rules address creating, collecting, handling, and protecting data.

Master data management

• Focus is on master data in all business processes.

• Goal is to effectively store, maintain, exchange, and synchronize master data.

• Master data: a set of core data, such as customer, product, employee, vendor,
geographic locations and so on.
 • Transactional data: which are generated and captured by operational systems, describes
the business activities or transactions.

• an example of a transaction: You (Mary Jones) purchase one Samsung 42-inch

LCD television, part number 1234, from Bill Roberts at Best Buy, for $2,000, on
April 20, 2020

• Intentions include providing consistency, accuracy, timeliness, and up-to-date master data

Transactional Data and Master Data

• Transactional data represents activities or events, such as a payroll cheque or customer invoice;
stored in transaction files or as tables as part of a database

• Master data are a set of core data, such as employee name, address, customer name, or
customer credit limit that are applied to multiple transactions; stored in a master file or as
tables as part of a database

5.2 The Database Approach

 Data was managed in a file management environment.
 Data file: a collection of logically related records

The Data Hierarchy

• Bit: represents the smallest unit of data a computer can process

• Byte: a group of eight bits, represents a single character, a byte can be a letter, a number or a
symbol

• Field: a logical grouping of characters into a word, a small group of words or an identifications
number

• Record: a logical grouping of related fields such as a students name, the courses taken, the date,
and the grade.

• Data file or table: a logical grouping of related records (eg. For example, a grouping of the
records from a particular course, consisting of course number, professor, and students’ grades,
would constitute a data file for that course)

• Database: a logical grouped of related files (eg. Student course file grouped with files on
students personal histories and financial backgrounds to create a student database)

Database Management Systems (DBMs) Minimize Three Main Problems of Previous Data Storage:

• DBMs are a set of programs with tools to create and manage databases
 • DBMs minimize:

o Data redundancy: the same data are stored in multiple locations

o Data isolation: Applications cannot access data associated with other applications

o Data inconsistency: Various copies of the data do not agree

Database Systems Maximizes:

• Data security: increases in high security measures to minimize mistakes and deter attacks due to
data being put in one place in databases

• Data integrity: Data meet certain constrains (eg. No alphabetical letters in aSIN)

• Data independence: applications and data are independent of one another

The Relational Database Model:

Database management system: a set of programs that provides users with tools to create and manage a
database

- Refers to the process of adding, deleting, accessing, modifying and analyzing data stored in a
database

• Key terms:

o Relational database model

• Based on the concept of two dimensional tables

• Usually called a flat tile – contains all of the records and attributes

o Data model

• A diagram that represents entities in the database and their relationships

o Entity

• A person, a place, a thing, or an event, such as a customer, an employee or a

product- about which an organization maintains information

o Instance

• refers to each row in a relational table, which is a specific unique representation

of the entity

• your university’s student database contains an entity called “Student” to

which an instance would be a particular student.

o Attribute
 • A characteristic or quality of a particular entity (eg. Customer name, employee
number, product color of an entity of a customer)

o Primary key

• A field that uniquely identifies that record so that it can be retrieved, updated
and sorted (eg. A student id)

o Foreign key

• A field or group of fields in one table that uniquely identifies a row of another
table

o Secondary key

• Another field that has some identifying information that typically doesn’t
identify the record

Organizations must manage huge quantities of data consisting of unstructured data and
structured data
o Structured data: is highly organized in fixed fields in a data repository such as a
relational database (data must be defined in terms of field name and type eg.
alphanumeric, numeric, and currency)
o Unstructured data: refers to data that do not reside in a traditional relational database
(eg. email messages, word processing documents, videos, images, audio files,
powerpoints presentations, Facebook posts, tweets, snaps.

FIGURE 5.3 Student database example

Defining Big Data:

Definition #1—Source: Gartner Research

• Diverse, high-volume, high-velocity information assets that require new forms of processing to
enable enhanced decision making, insight discovery, and process optimization
(www.gartner.com)
Second the Big Data Institute Defines Big Data as a dataset that:

Exhibit variety
Include structured, unstructured, and semi-structured data
Are generated at high velocity with an uncertain pattern
Do not fit neatly into traditional structured, relational databases
Can be captured, processed, transformed, and analyzed in a reasonable amount of time only by
sophisticated information systems

Big Data Generally Consist of:

• Traditional enterprise data

o Customer information from customer relationship management systems, general ledger

data, web store transactions operations data

• Machine-generated/sensor data

o Smart meters, automobiles. Manufacturing sensors; sensors integrated into

smartphones, automobiles, airplane engines, and industrial machines

• Social data

o Customer feedback, microblogging such as Twitter and other social media sites

• Images captured by billions of devices around the world

o Digital cameras, camera phones, medical scanners, and security cameras

Big Data: a collection of data that is large and complex and is difficult to manage using traditional
database management system

Big data is about predictions.

o Examples:
 The likelihood that an email message is spam;
 The likelihood that the typed letters “teh” are supposed to be “the”;
 The likelihood that the direction and speed of a person jaywalking indicates that
he will make it across the street in time, meaning that a self-driving car need
only slow down slightly.
 Big data contain huge amounts of data on which to base their
predictions.

Characteristics of Big Data

Big Data has three distinct characteristics:

• Volume: high volumes of traditional (e.g., invoices) and non-traditional data (e.g., clicks on
websites)

• Velocity: the rate at which data is flowing is increasing as new types of data, such as those
related to locations or products, are added to the data stream

• Variety: more and more types of data are being added, such as images, meter readings, and
product locations, and it changes rapidly

IT’s About Business 5.1:

Data from Connected Vehicles Is Valuable

Consider:

• What characteristics of big data are exhibited by data from cars?

• What features would you like to have in a car that would be facilitated by its data?

Issues with Big Data

• Can come from untrusted data sources

• Data comes externally and internally (eg. data from unstructured data might question
on how trustworthy it is)

• Big Data is dirty

• Refers to inaccurate, incomplete, incorrect, duplicate or erroneous data

• Big Data changes, especially in data streams

• Data quality in an analysis can change and data themselves can change because the
conditions under which the data are captured can change.

Managing Big Data

• When properly analyzed, big data can reveal valuable patterns and information

• Requires a database environment.

• Integrates an information silo – an information system that does not communicate with
other, related information systems in an organization

• Traditional relational database structures or NoSQL databases can be used

• Traditional relational database structures - traditional relational databases such as

Oracle and MySQL store data in tables organized into rows and columns. Each row is
 associated with a unique record, and each column is associated with a field that defines
an attribute of that account.

• NoSQL databases can manipulate structured and unstructured data, inconsistent data,
and missing data

• Open source solutions and new methods such as data lakes are also used

IT’s About Business 5.2:

Cloud Spanner, Google’s Global Database

Consider:

• How time stamping is an important component of recognizing a transaction’s uniqueness

• What does an organization have to do to back up its systems when its data and programs are
scattered all over the world?

Putting Big Data to Use

• Making big data available

• E.g. open data in the public sector that is used to create new businesses and solve
complex problems for individuals and businesses

• Enabling organizations to conduct experiments

• E.g. a group of visitors to an etsy page saw a top of the page that displayed additional
product images. Another group saw only the two original product images. On the page
with additional images, customers viewed more products and, significantly, bought
more products. The results of this experiment revealed valuable information to Etsy.

• Micro segmentation of customers

• Dividing customers into groups that share one or more characteristic.

• E.g. a restaurant gathers guest data from a variety of sources beyond loyalty and
gift programs, including social media. Analyzing this Big Data helps restaurants
client's microsegment their guests. Restaurant managers are now able to
precisely customize their loyalty and gift programs. Since they have taken these
steps, they are noting improved profitability and customer satisfaction in their
restaurants.

• Creating new business models

• Organizations can analyze more data

Big Data Used in Functional Areas of the Organization

• Human resources

o Managing employee benefits, Recruitment

• Product development

o Capturing customer preferences for use in product design

• Eg. Ford decided that conducting a full-scale market research test on their three
blink turn indicator would be too costly and time consuming. Instead, it
examined auto-enthusiast websites and owner forums to discover what drivers
were saying about turn indicators. Using text-mining algorithms, researchers
culled more than 10,000 mentions and then summarized the most relevant
comments.

• Operations

o Information technology to make operations more efficient

• E.g Consider United Parcel Service (UPS). The company has long relied on data
to improve its operations. Specifically, it uses sensors in its delivery vehicles that
can, among other things, capture the truck’s speed and location, the number of
times it is placed in reverse, and whether the driver’s seat belt is buckle

• Marketing

o Targeted efforts through improved customer understanding

• Eg. IHG initiating marketing messages to members of its priority club rewards
program to 12 customer groups defined by 4,000 attributes, One group, for
example, tends to stay on weekends, redeem reward points for gift cards, and
register through IHG marketing partners. Using this information, IHG sent these
customers a marketing message that alerted them to local weekend events.

• Government operations

o Traffic monitoring

• Eg. The growing availability of Big Data sources within London—for example,
traffic cameras and sensors on cars and roadways—can help create a new era of
smart transport. Analyzing this Big Data offers new ways for traffic analysts in
London to “sense the city” and enhance transport via real-time estimation of
traffic patterns and rapid deployment of traffic management strategies.

5.3 Data Warehouses and Data Marts

 Organizations must provide users access to corporate data they can analyze to make better
decisions.

Query by example: A method to obtain information from a relational database by filling out a grid or
template—also known as a form—to construct a sample or a description of the data desired.

• QBE is a method of creating database queries that allows the user to search for documents
based on an example in the form of a selected string of text or in the form of a document name
or a list of documents

• Describing Data Warehouses and Data Marts

• Data warehouses & data marts support business analytics – a broad category of
applications, technologies, processes for gathering, storing, accessing and analyzing data
to help businesses users to make better decisions

• Data warehouse

• A repository of historical data organized by subject to support decision makers in the

organization

• Data mart

• A low-cost, scaled-down version of a data warehouse designed for end-user needs in a

strategic business unit (SBU) or individual department

• Basic characteristics of data warehouses and data marts

• Organized by business dimension or subject

• data is organized by subject for example customer, vendor, product, price level,
and region.

• Use online analytical processing (OLAP)

• Involves the analysis of accumulated data end users

• accumulated data by end users

• Integrated

• Data is collected from multiple systems and is then integrated around subjects

• Eg. For example, customer data may be extracted from internal (and external)
systems and then integrated around a customer identifier, thereby creating a
comprehensive view of the customer.

• Time variant
 • Data warehouses and data marts maintain historical data over years that are
used to detect deviations, trends, and long-term relationships

• Nonvolatile

• Users cannot change or update data

• As stated previously data marts and warehouses reflect history to

identify and analyze trends

• Multidimensional

• Data marts and warehouses are stored in a multidimensional structure - Storage

of data in more than two dimensions; a common representation is the data
cube.

Data in data warehouses and marts are organized by business dimensions which are subjects
such as product, geographic area, and time period that represent the edges of the data cube.

A Generic Data Warehouse Environment Includes (1 of 2)

• Source systems that provide data to the warehouse or mart (e.g., point of sale or ERP systems)

• Data integration technology that processes and prepare the data for use (using SQL, custom
software or software packages)

• Storing the data handled by a variety of architectures, such as a data warehouse or functional
data mart (e.g., finance or human resources)

• Different tools and applications for a variety of users

• Metadata: data about the data in a repository, data quality and governance processes that
ensure that the warehouse or mart meets its purposes.

• Data quality issues: data cleansing needs to be used to ensure data meets users’ needs

• BI (business intelligence) governance: establishing people, committees and processes to

maintain the data warehouse and provide for changes in data types or processing

• Users: business value for users rises when data can be accessed quickly and easily for analysis or
consolidation

Components Parts of Generic Data Warehouse or Data Mart Environment

Source Systems
 Source systems are used when there is a business need for information requirements, bi
applications (business intelligence), and requirements for source system data.
Source systems range from operation/transactional systems, enterprise resource planning
systems, website data, third-party data (eg. customer demographic data,) and more.

Data Integration

Organizations need to extract the data, transform then and then load them into a data mart or
warehouse, a process called ETL

Data Extraction can be performed by:

1. Handwritten code
2. Commercial data integration software
Software makes it easy to:
1. Specify the tables and attributes in the source systems that are to be
used
2. Map and schedule the movement of the data to the target such as a
data mart or warehouse
3. Make the required transformation
4. Load the data
Data is extracted then transformed to be made useful, (eg. Data from different systems may be
integrated around a common key such as a customer identification number)

Storing the Data

Common architecture to store decision-support data is one central enterprise data warehouse
o The data in a one central enterprise data warehouse is accessed by all users & represent
the single version of the truth
Another architecture is independent data marts.
o Store data for a single application or a few applications such as marketing and finance
Another architecture is the hub and spoke.
o Contains a central warehouse that stores the data plus dependent data marts that
source their data from the central repository.
 Data of these marts comprise the single version of the truth for decision-
support purposes.

Metadata

Maintaining data about the data in a data warehouse

o Eg. IT personnel need information about data sources; database, table, and column
names; refresh schedules; and data-usage measures. Users’ needs include data
 definitions, report and query tools, report distribution information, and contact
information for the help desk.

Data Quality

The quality of the data must meet user needs.

o If data isn’t trusted users will not use it
o The quality of the data can be improved with a data-cleaning or improving quality at the
source system level

Governance

Organizations need to implement governance to plan and control BI activities

o Governance requires:
 People, committees and processes in place
 A senior level committee composed of vise president and directors that ensure
business strategies and BI strategies are in alignment, prioritize projects and
allocate resources.
 A middle management level committee that oversees projects in the BI portfolio
to ensure completion in accordance with company’s objectives
 Lower-level operational committees perform tasks such as creating data
definitions and identifying and solving data problems.

Users

Once data is loaded into a data mart or warehouse it is available, the organizations then obtain
value from BI that use this data.
BI users consist of: it develops, frontline workers, analysts, information workers, managers,
executives, suppliers, customers, and regulators.
User such as information producers whose role is to create information for other users
Other users including managers and executives - are information consumers they use
information created by others.
Benefits of data warehousing to users:
o End users can access needed data quickly and easily through web browsers because the
data is located in one place.
o End users can conduct extensive analysis with data in ways that were not possible.
o End users can obtain a strong view of organizational data

IT’s About Business 5.3:

Data Lakes

Consider:

• What are some examples of the types of data that could be in a data lake
 • What might organizations need to do before using data from the data lake that came from
multiple sources (e.g., comparing different types of data)?

5.4 Knowledge Management

Most companies knowledge assets is dispersed by email, presentations, word processing
documents, and in peoples heads in opposed to being housed in a relational database.

• Concepts and Definitions

Knowledge management: a process that helps organizations manipulate important knowledge that
makes up the organizations memory.

 Knowledge is information in action, also called “intellectual assets”

Explicit knowledge: deals with more objective, rational, technical knowledge

 Consists of the policies, procedural guides, reports, products, strategies, goals, core
competencies, and it infrastructure of the enterprise.
 Knowledge that has been codified in a form that can be transformed and distributed into a
process or a strategy

Tacit knowledge: the cumulative store of subjective or experiential learning

 tacit knowledge consist of organizations experiences. Insight, expertise, know-how trade

secrets, skill sets, understanding and learning, and culture that presents past organization
experiences through people and processes.
o Difficult to codify

• Knowledge Management Systems

Goal of KMS is to help organizations make use of the knowledge they accumulated.

• The use of modern information technologies—the Internet, intranet, extranets,

databases —to systematize, enhance, and expedite intrafirm and interfirm knowledge
management

• Make best practices (the most effective and efficient ways of accomplishing business
process- readily available to a wide range of employees) in managing knowledge
accessible to employee’s.

• Eg. Account managers tacit knowledge about how to best to manage large
accounts which this knowledge is then used to train new employees

• KMS presents several challenges

1. Employee’s may be unwilling to share tacit knowledge, it must be

encourage through a knowledge management culture that rewards
employees who add their expertise.
 2. Knowledge base must be continuously upgraded and maintained
3. Companies must be willing to invest in the resources to carry out these
operations

• The KMS Cycle

KMS Six Step Cycle:

1. Create knowledge: knowledge is created as people determine new ways of doing things and
external knowledge is brought in
2. capture knowledge: new knowledge must be identified as valuable and be presented in a
reasonable way
3. refined knowledge new knowledge must be placed in context so that it is actionable (eg. tacit
qualities must be captured along with explicit facts)
4. Store knowledge: useful knowledge must be stored in a reasonable format in a knowledge
repository so others in an organization can access it
5. manage knowledge: knowledge must be kept current must be reviewed regularly to verify that
is relevant and accurate.
6. disseminate knowledge: knowledge must be available in a useful format to anyone organization
who needs it anywhere at anytime

5.5 Appendix: Fundamentals of Relational Database Operations

A relational database is a collection of interrelated two-dimensional tables consisting of rows and

columns. Each row represents a record, and each column represents an attribute of that record. every
record in the database must contain at least one field that uniquely identifies that record so it can be
retrieved, updated, and sorted.

This identifier field or group of fields is called the primary key, secondary key is another field that has
some identifying information but does not identify the record. a foreign key is a field or group of fields in
one table that matches the primary key value in a row of another table. a foreign key is used to establish
and enforce a link between two tables.

• Query Languages

• Structured query language: most popular query language used for interacting with a
database

• Performs complicated searches by using simple statements or key works

• EG. . Typical key words are SELECT (to choose a desired attribute),
FROM (to specify the table or tables to be used), and WHERE (to specify
conditions to apply in the query).
 • Query by example: a user fills out a grid or template – known as a form to construct a
sample or a description of the data desired.

Entity Relationship Modeling

Designers plan and create databases through a process of entity-relationship modelling ( The process of
designing a database by organizing data entities to be used and identifying the relationships among
them) using an entity relationship diagram (Document that shows data entities and attributes and
relationships among them)

• Entity relationship diagram (ERD)

• ER diagrams consist of entities, attributes, and relationships

• To properly identify er diagrams, data designers first identify business

rules for the data model.

• Business rules: precise descriptions of policies, procedures, or principles

in any organization that stores and uses data to generate information

• Entities are pictured in rectangles, and relationships are described on

the line between two entities, the attributes for each entity are listed,
and the primary key is underlined.

• Data dictionary

• Data dictionary: provides information on each attribute, such as name, if it is a

key, a non-key attribute, and the type of data expected. (alphanumeric,
numeric, dates, etc) and valid values.

• Relationships

• Relationships: illustrates an association between entities

• The degree of the relationship indicates the number of entities

associated with a relationship

• A unary relationship exists when an association is maintained within a

single entity

• A binary relationship: exists when two entities are associated

• A Ternary relationship: exists when three entities are associated

• Cardinality

• Cardinality: refers to the maximum number of an instance of one entity can be

associated with an instance in the related entity

• Cardinality can be mandatory single, optional single, mandatory many, or

optional many
 • FIGURE 5.9 Cardinality symbols.

Ex. Let’s look at an example from a university. An entity is a person, place, or thing that can be identified
in the users’ work environment. For example, consider student registration at a university. Students
register for courses, and they also register their cars for parking permits. In this example, STUDENT,
PARKING PERMIT, CLASS, and PROFESSOR are entities. Recall that an instance of an entity represents a
particular student, parking permit, class, or professor. Therefore, a particular STUDENT (James Smythe,
8023445) is an instance of the STUDENT entity; a particular parking permit (91778) is an instance of the
PARKING PERMIT entity; a particular class (76890) is an instance of the CLASS entity; and a particular
professor (Margaret Wilson, 390567) is an instance of the PROFESSOR entity.

Entity instances have identifiers or primary keys which are attributes that are unique to the entity
instance.

For example: STUDENT instances can be identified with Student Identification Number

Entities have attributes, or properties, that describe the entity’s characteristics.

For example: examples of attributes for STUDENT are Student Name and Student Address.
Three binary relationships:

1. One-to-one relationship: a single entity instance of one type is related to a single-entity instance
of another type
a. Ex: a student-parking permit relationship is 1:1 as students may only register one car or
no car at the university, that is a student can only have one parking permit or no permit.

2. One-to-many relationship
a. Ex: a student-class relationship, each class is taught by one professor but the professors
teach many classes

3. Many-to-many relationship
a. Ex: a student-class relationship, a student can register for more than one class and each
class can have more than one student

Normalization and Joins

 Data must be analyzed in a relational database management to eliminate redundant data

elements.
 Normalization: a method for analyzing and reducing a relational database to ensure
minimum redundancy, maximum data integrity, and optimal processing performance.
 Functional dependencies: means of expressing that the value of one attribute is associated
with a specific single value of another attribute.
o Ex. For example, for a Student Number 05345 at a university, there is exactly one
Student Name, John C. Jones, associated with it. That is, Student Number is referred
to as the determinant because its value determines the value of the other attribute.

Chapter 7

Opening Case: Walmart

Think about:

• Are you a “lowest-price” shopper? How would you use features offered by Walmart and its
online store?
 • Features of the online store is designed to make it easier to reorder items, check the
status of orders, discover products that are locally trending, and explore services at
nearby Walmart stores.

• How do software capabilities enable the shopping options being provided by Walmart?

• Lord & Taylor is on Walmart website to which they provide over 125 brands.

• Increased selection of products on the website

7.1 Overview of E-Business and E-Commerce

• Definitions and Concepts

• Types of E-Commerce

• Major E-Commerce Mechanisms

• Electronic Payment Mechanisms

• Benefits and Limitations of E-Commerce

Definitions and Concepts (1 of 2)

• Electronic Commerce (EC or e-commerce)

o The process of buying, selling, transferring, or exchanging products, services, or

information via computer networks, including the Internet

• Takes on several forms based on degree of digitization ( the extent to which the
commerce has been transformed from physical to digital )

Types of organizations and their degree of digitization:

• Brick-and-mortar: purely physical organizations, no EC

• Virtual organizations: also known as pure-play is a digital-only organizations, only EC

• Clicks-and-mortar organizations: partial EC with a primary physical presence

• Example: buying digitally and the product being physically delivered to you througha
service like amazon.

How EC Influences Organizations

1. Increases organizations reach (number of potential customers that the company can market to)
2. Removes barriers that impeded entrepreneurs seeking to start a business.
3. Transforms the nature of competition through the development of new online companies, new
business models, and diversity of EC related products and services.
 • Electronic Business (e-business)

o A broader concept than e-commerce that also includes servicing customers,

collaborating with business partners, and performing electronic transactions within an
organization.

Types of E-Commerce

• Business-to-consumer (B2C): sellers are organizations and the buyers are individuals

• Business-to-business (B2B): both the sellers and the buyers are business organizations
(comprises vast majority of EC)

• Consumer-to-consumer (C2C): customer to customer, individual sells of products and services to

other individuals

• Auctions and classified ads are strategies to conduct C2C

• Business-to-employee (B2E): an organization use of EC to provide information and services to its

employees

• Ex: discounted insurances, travel packages, tickets to events for employees. Electronic
stores that sell products at a discount to employees.

• E-government (G2C or G2B): use of e-commerce and technology to deliver information and
public services to citizens (aka government-to-citizen or G2C)

• Mobile commerce (m-commerce): e-commerce conducted entirely in a wireless environment.

• Ex: shopping on your cellphone online

• Social commerce: refers to the delivery of electronic activities and transactions through social
computing

• Conversational (or chat) commerce: refers to electronic commerce using messaging and chat
apps to offer a daily personalized choice on a meal, product, or service

Each EC is executed in one or more business models (a method by which a company generates revenue)

Major E-Commerce Mechanisms

Buy/Sell Online Mechanisms

Electronic catalogues: consist of a product database, a directory and search capabilities, and a
presentation function.

Electronic auctions: a competitive buying and selling process in which prices are determined by
competitive bidding
 o Reverse auction

• One buyer wants to purchase a product or service, to which they post a

quotation (RFQ) on the desired purchase on its website that suppliers submit
their bids on electronically.

o Forward auction

• Sellers place items for auction, and the highest bid from buyer wins.

• Electronic storefronts: a website that represents a single store

• E-malls (cybermalls): a website that has a collection of individual shops.

Electronic marketplaces – a central, virtual marketplace to conduct e-commerce/e-business activities.

• Online direct marketing: manufacturers or retailers sell directly to customers

• Electronic tendering system: business request quotes from suppliers

• Name your own price: customers decide how much they are willing to pay and an intermediary
tries to match a provider

• Find the best price: customers specify a need; an intermediary compares provider and shows
the lowest prices, the customer must accept in a short period of time or they lose the deal.

• Affiliate marketing: vendors ask partners to place logos on partners site, if customers make a
purchase on the logo link, then the vendor pays commissions to the partner.

• Viral marketing: recipients of your marketing notices send information about your products to
their friends.

• Group purchasing (e-coops): small buyers aggregate demand to create a large volume then
conducts tending or negotiates a low price

• Online auctions: actions run online by companies.

• Product customization: customers use the internet to self-configure products or services, sellers
then price and fulfill them quickly.

• Electronic marketplaces and exchanges: transactions are conducted efficiently in electronic

marketplaces

• Bartering online: intermediary administers online exchange of surplus products or company

receives points for its contribution which it uses to purchase other needed items.

• Deep discounters: company offers deep price discounts

• Membership: only members have access to the content and services

Electronic Payment Mechanisms

Electronic payment mechanisms: enables buyers to pay for goods and services electronically through
writing a cheque or using cash.

 EC requires electronic payments

• Electronic cheques (e-cheques)

• Electronic cards

o Electronic credit (or debit) cards: allow customers to charge online payments to their
credit or debit card account.

o Purchasing cards: equivalent to credit cards, primary form of payment between

companies, different from credit card as payments need to be settled within a week.

o Stored-value money cards: allows you to store a fixed amount of prepaid money and
then spend it as necessary

o EMV Smart cards (Europay, MasterCard, and Visa): contains a chip that can store a large
amount of information as well as on a magnetic stripe for backward compatibility.

Digital online payments (payment gateways)

 Payment gateway: an application that authorizes payments for e-businesses, online retailers,
bricks-and-clicks businesses, or traditional brick-and-mortar businesses.
o Interact with the card issuers bank to authorize the card in real time when purchase is
made.

FIGURE 7.1 How e-credit cards work

How e-credit cards work. (The numbers 1–9 indicate the sequence of activities.)
1. When you purchase a book from Amazon, for example, your credit card information and purchase amount are encrypted in your
browser. This procedure ensures the information is safe while it is “travelling” on the Internet to Amazon.
2. When your information arrives at Amazon, it is not opened. Rather, it is transferred automatically (in encrypted form) to a
clearinghouse, where it is decrypted for verification and authorization.
3. The clearinghouse asks the bank that issued you your credit card (the card issuer bank) to verify your credit card information.
4. Your card issuer bank verifies your credit card information and reports this to the clearinghouse.
5. The clearinghouse reports the result of the verification of your credit card to Amazon.
6. Amazon reports a successful purchase and amount to you.
7. Your card issuer bank sends funds in the amount of the purchase to Amazon’s bank.
8. Your card issuer bank notifies you (either electronically or in your monthly statement) of the debit on your credit card.
9. Amazon’s bank notifies Amazon of the funds credited to its account.
Benefits and Limitations of E-Commerce

Benefits

• National and international markets are more accessible

• Lowers costs of processing, distributing, and retrieving information

• Provides access to a vast number of products and services 24/7

• Deliver information, services, and products to people in cities, rural areas, and developing
countries

Limitations

• Lack of universally accepted security standards

• In less-developed countries telecommunications bandwidth is often insufficient, and Web access

is expensive

• Perceptions that e-commerce is insecure.

7.2 Business-to-Consumer (B2C) Electronic Commerce

-B2C is complex, involves a large number of buyers, and diverse transactions from a

small number of sellers.

• Electronic Storefronts and Malls

• Electronic retailing: the direct sale of products and services through electronic
storefronts or electronic malls.

Benefits of E-Commerce

o Enables you to buy from anywhere at any time

o Offers a wide variety products and services often at lower prices
o Long tail: describes the retailing strategy of selling a large number of
unique items in small quantities
o Locate and compare competitor products and prices easier
o Access to detailed product information
o Vast amount of sellers for buyers

Two Online Shopping Mechanisms

Electronic storefront: a website that represents a single store (each with its own URL or internet
address)

Electronic mall: a collection of individual shops under a single internet address (aka a cybermall)
 • Online Service Industries

• Disintermediation

• Elimination of intermediaries in electronic commerce

• Intermediaries have two functions.

• They provide information.

• They perform value added services such as consulting.

• Financial technology (Fintech)

• Customers expect financial experiences to be mobile, personalized, customized and accessible

• An industry composed of companies that use technology to compete in the

marketplace with traditional financial institutions in the delivery of financial
services

Consider:

• How could you improve the way that you process your financial transactions?

• Fintech companies developing innovative platforms to make it a simpler process for

currency exchange

• Mobile apps used to track financial status in real time

• Internet banking (ex: tangerine, ally)

• How many different methods do you use to pay for products or services?

• Consumers link a bank account to a smartphone app to send money to recipients email
address or phone number (ex: Canadas interac e-transfer)

• Online securities trading

• Use of computer to trade shares, bonds, and other financial instruments.

• Use of internet for information regarding mutual funds to invest in

• The online job market

• Sites used for job seekers to help find available positions (ex: www.indeed.ca)

• Travel services

• Online travel services used to purchase airline tickets, reserve hotel rooms, and
rent cars
 • A costly problem: e-commerce may cause “mistake fare” in the airline
industry (ex: a ticket selling for 300$ when its 1200$)

• Online advertising

• Advertising: the practice of disseminating information in an attempt to influence

a buyer-seller transaction

• Direct response marketing/telemarketing: contacts individuals directly

requiring a response in order to make a purchase

Benefits of Online Advertisement

o Online ads can be updated at a minimal cost

o Online ads can be kept current
o Online ads reach a large audience of potential buyers all over the world
o Online ads are cheaper than radio, television, and print ads
o Online ads can be specific to individuals

Business Models Used to Increase the Number of Impressions (Advertising

>content creators employ a business model to increase the number of impressions they deliver:

• Increase internet traffic

• Place more and more intrusive ads on webpages, such as:

o Banners

o Pop-up ad

o Pop-under ad

o Spamming (email): the indiscriminate distribution of electronic ads without the

permission of the recipient

• Advertising is misused causing a flood of unsolicited emails to consumers

• Native advertising: ads disgusted as content to bypass ad blockers

• Offer premium content that targets a premium audience

• Use reports and non-advertising revenue sources (ex-selling reports to companies willing to pay
for useful information)

Concerns with full screen ad takeovers, and cookies that track users web visits, and clicks
enables them to put on ad blockers-ad-blocking software

Types of Ad Blockers:
 Ad blockers that stop every ad and tracker
Ad blockers that are for profit businesses
Ad blockers that collect data (ex. Data gathered on about ads and trackers before blocking)
Ads that use a freemium model (ex. A free app with additional ad blocking features you pay for)
Ad blockers that are functioning of operating systems (ex. Google chrome blocking annoying ads
from sites)

Issues in E-Tailing

e-tailing: refers to electronic retailing and the specific activities related to selling retail products and
services via the internet

• Channel conflict and multichannelling

• Channel conflict: the alienation of existing distributors when a company decides to sell
customers directly online.

• Multichanneling: a process in which a company integrates its online and offline channels

• Showrooming: occurs when shoppers visit a brick and mortar store to examine a
product in person to then conduct online research from competitors to compare
products.

• Order fulfillment

• Order fulfillment for B2C is difficult due to the abundance of orders, and the efficiency
to complete them.

• Personalized pricing

Today consumers can use standardized pricing: a product that is sold through multiple channels, the
cost should only vary on the difference in shipping, taxation, and distribution costs

o To which if not up to consumer standards they use showrooming

• Personalized pricing: the practice of pricing items at a point determined by the

customers perceived ability to pay.

• Merchants will try to maximize the price the consumer is willing to pay by:

• Analyzing big data that consumers generate such as the swiping of there
rewards cards, and placing items in shopping carts that can gives insight into the
profit maximizing price

• Reservation price: the maximum amount they would be willing to pay for a
specific product before they reconsider

• Merchants will charge on the reservation price

Tips for Personalized Pricing – To Acquire Data on Pricing To Have A Competitive Advantage
 • Use of mystery shoppers to acquire prices from brick-and-mortar retailers.

• Scraping: bots used to scan rival websites and collect data on competitor prices

7.3 Business-to-Business (B2B) Electronic Commerce

B2B Electronic Commerce: enterprise forming electronic relationships with resellers, suppliers,
customers and other partners

• Sell-Side Marketplaces: organizations sell their products or services to other organizations

electronically from their own private e-marketplace website or from a third party website

• Electronic catalogues is used in the SS model

• Forward auctions is used in the SS model

• Buy-Side Marketplaces: organizations attempt to procure needed products or services from

other organizations electronically

• Reverse auctions is used in the BS Model

• Procurement: the function that describes the activites and processes to acquire goods
and services

• Purchasing: refers to the process of ordering and receiving goods and services

• E-procurement: purchasing by using electronic support – uses group purchasing

• Group purchasing: multiple buyers combine their orders so that they constitute
a large volume and attract seller attention

• Electronic Exchanges: e-markets owned by a third party and they connect many sellers with
many buyers

• Deal with indirect and direct materials

• indirect: items such as office supplies, operations, and repairs (MRO)

• direct: inputs to the manufacturing process (ex. Safety glass used for
automobile windshields and windows)

• Three basic types of public exchanges:

• Vertical exchanges: connects buyers and sellers in a given industry

• Offers services to the community they serve

• Managed by a consortium: a group of major players in an industry

• Horizontal exchanges: connects buyers and sellers across many industries

• Functional exchanges: needed services such as temporary help or extra office space
are traded on an as needed basis
Consider:

• Would you pay more to a local distributor with whom you had a high-quality relationship
instead of using Amazon? Why or why not?

• Could Amazon put small distributors out of business? Why or why not?

• Yes, amazon offers over 50,000 products online, selling goods in both B2C and B2B
marketplaces

• Amazon offers specialty products a click away, two-day deliver, huge specialty product
list, and easy-to-use website

7.4 Ethical and Legal Issues in E-Business

• Ethical Issues

• Issues arising related to e-business

• Privacy

• Easier to store information

• Protect identities with encryption.

Tracking

• Cookies storing history on hard drive, and revisiting those

sites, recognizes the cookies

• EC eliminates positions

• How to handle layoffs, compensations, assisting

displaced workers

• Legal and Ethical Issues Specific to E-Commerce

E-Commerce causes legal issues :

Internet Fraud

• Ex: false positive rumors on prospects of a company to boost share price

• Fraud Auctions

• Bogus Investments

• Phantom Business Opportunities

• Fraudulent affiliate marketing

• Credit Card Theft (most common type of fraud)

 • Domain names

• Competition over domain names

• Domain name considered legal if company operated a legitimate business under it for
some time

• Cybersquatting

• Practice of registering or using domain names for the purpose of profiting from the
good will or the trademark that belongs to someone else

• Some practices considered cybersquatting aren’t legal:

• Domain tasting: lets registrars profit from the complex money trail of
pay-per-click advertising

• Registering in a close domain from another to generate traffic

from those who misspelled the website.

• Taxes and other fees – Online

• Federal tax on online sales

• Provincial tax such as the QST

• HST combined provincial and federal tax

• responsibility of the e-commerce retailer to collect the federal and provincial tax

• Copyright
• Violation to copy rights is copying material from website with permission, distributing
material.

IT’s About Business 7.1:

Shopify

Consider:

• What features do you use when you visit an e-storefront?

• Shopify includes features to create an e-commerce store, focuses on – handling social

media advertising, shipping, product reviews and upselling

• How does the quality of the vendor’s website affect your buying decisions?
 • Shopify launched an chat option, shopify chat that allows merchants to have real-time
conversations with customers

• Shopify launched shopify studios allowing small media production companies to market
their media products

Chapter 11

Customer Relationship Management and Supply Chain Management

Opening Case: Tesco Enhances Its Customer Relationship Management Efforts

Think about:

• Tesco increased physical locations, offered multiple services (grocery, general

merchandise, and clothing), and digital strategy to strengthen CRM.

• What are the features and characteristics of a good checkout experience at a shopping website?

• Internet connection affects checkout flow

• How does software like Splunk help organizations deal with unreported customer problems
(such as abandoned shopping carts)?

• Tesco used Splunk enterprise a software for searching, monitoring and analyzing
large machine-generated datasets to troubleshoot customer service date needs
to which they encountered an issue with connectivity in their checkout flow.

11.1 Defining Customer Relationship Management

• Customer Relationship Management (CRM)

• Customer relationship management: a customer focused and customer driven

organizational strategy that is organizations concentrate on assessing customers
requirements for products and services and then provide a high quality responsive
customer experience

• Repeat customers are the largest generator of revenue

• Customer relationship has become more impersonal with the Internet – why?

• Dissatisfied customers are one click away from competitors.

• In-person first impressions aren’t evident on the Web

How can you fix this?

- Personal marketing: marketing to each customer individually

  Designed to achieve customer intimacy.

CRM Process

1. Marketing effort to solicit prospects from target population of potential customers

2. Prospects then make a purchase, thus becoming customers
a. Customers will be repeat customers
i. Low-value repeat customers
ii. High value repeat customers
Goal is to maximize lifetime value of customer
3. Customer churn: the loss of customers overtime

CRM Systems – information systems designed to support an CRM strategy

Low end crm systems: designed for enterprises with many small customers (ex. Amazon)

High-end crm systems: designed for enterprises with few large customers (ex. Bentley Motors)

Two Elements Successful CRM Policies Share:

4. Company must identify the many type of customers touch points

5. It needs to consolidate date about each customer

• Customer Touch Points

• Customer touch points: any interaction between a customer and organization

• Customer touch points that need to be managed by CRM systems such as emails,
websites and smartphone communication

• Omni channel marketing: an approach to customers that creates a seamless experience

regardless of the channel used to touch the business

• Used to help channel conflicts when businesses have need put their touch
points in sync

• Would you consider purchasing custom clothing for a better fit? How would you use the Internet
to find a suitable store?

• Indochino website allows consumers to make an apppintment, visit showrooms to check

out fabricks, and personalize the clothing items they are interested in

• Website offers a style guide who takes customers measurements to ensure a proper
fitting suit.
 • What types of contact would you prefer from a clothing store? Why? Compare these to Figure
11.2.

• Indochino adds messaging to touch points with customers to confirm appointments,

send reminders, and update customers on the status of their delivery

• Indochino sends out automatic emails about loyalty programs, promotions and style
advice.

• Data Consolidation

Data must be managed effectively in CRM

• Data consolidation using a data warehouse enables:

o 360-degree view of a customer

• Customer-related data available to every unit of business

• Companies can view this data, enhance consumer relationships and

make profitable decisions

o Collaborative CRM

• A crm system in which communications between the organization and its

customers are integrated across all aspects of marketing, sales and customer
support processes.

• Provides direct consumer feedback to organization

o Customer identity management

• A marketing technology intended to complete a 360° view of a customer across

an organization

• Helps organizations understand who their customers are

Crm System Contains Two major Components:

 Operational Crm Systems

 Analytical Crm Systems

Operational Customer Relationship Management Systems

• Support front-office processes – those that directly interact with customers that is sales,
marketing and service
 • Two Major Components of Operational Crm Systems

o Customer-facing applications

o Customer-touching applications

• Provide the following benefits:

o Efficient and personalized marketing, sales, and service

o A 360-degree view of each customer

o The ability of sales and service employees to access a complete history of customer
interaction with the organization, regardless of the touch point

Customer-Facing Applications

Customer facing crm applications: an organizations sales, field service, and customer interaction centre
representatives interact directly with customers

• Customer service and support (CIC) and call centres

• an operation which organizational representatives use multiple communication

channels to interact with customers and functions such as inbound Tele service and
outbound Tele sales

• call centre: is centralized office set up to receive and transmit a large volume of requests
by telephone

• Salesforce automation (SFA)

• A component of operational CRM system that automatically records all of the

components in the sales transactions process

SFA Systems:

• Contact management system: tracks all communications between the company and the
customer, the purpose of each communication, and follow up

• Sales lead tracking system: list potential customers or customers who have purchased related
products that are similar to what the salesperson is trying to sell to the customer

• Sales forecasting system: a mathematical technique for estimating future sales

• Product knowledge system: a comprehensive source of information regarding products and

services

• Configurators: systems that provide online product building features to target consumers
specific needs
 • Marketing

• CRM systems enable marketers to identify, target best customers, manage marketing
campaigns and generate quality leads for sales teams

• CRM marketing applications sift through large volumes of data in a process called data
mining to develop a purchasing profile – a snapshot of a consumers buying habits that
may lead to additional sales through upselling, cross-selling, and bundling.

• Upselling: the opportunity to purchase related products or service over greater

value in place of or along with the consumer's initial product or service selection

• Cross-selling: the marketing of additional related products to customers based

on previous purchase

• Bundling: form of cross selling in which a business sells a group of products or

services together lower price than their combined individual prices

• Campaign management: applications that help organisations plan campaigns that send the right
messages to the right people through the right channels.

Customer-Touching Application
(a.k.a. e-CRM)

Customer touching applications: Applications and technologies with which customers interact and
typically help themselves

• Search and comparison capabilities

• Searching comparison capabilities to assist customers defined the type of product or

service they want on the Internet

• Technical and other information and services

• Organizations offer personalized experiences to induce customers to make purchases or

to remain loyal (EX. customers downloading product manuals)

• Customized products and services

• Organizations offer mass customization to which customers can configure their own
products

• Personalized webpages

• Organisations permit personalized web pages that customers record purchases and
preferences as well as problems and requests.

• FAQs

• FAQ Tool used by consumers that helps find information they need
 • Email and automated response

• Companies use e-mail to answer customer inquiries, disseminate information, send

alert’s, send product information, and conduct correspondence on any topic.

• Loyalty programs

• loyalty program: Recognizes customers who purely use a vendors products or services

• loyalty programs are appropriate under two conditions:

• high frequency of repeat purchases

• limited product customization for each customer

Analytical CRM Systems

Analytical Crm Systems: A CRM system that analyzes customer behaviour and perceptions in order to
provide actionable business intelligence.

For example, analytical CRM systems typically provide information concerning customer requests and
transactions, as well as customer responses to the organization’s marketing, sales, and service
initiatives.

• Analytical CRM systems analyze customer data for a variety of purposes, including:

o Designing and executing targeted marketing campaigns

o Increasing customer acquisition, cross-selling, and upselling

o Providing input into decisions relating to products and services (e.g., pricing and product
development)

o Providing financial forecasting and customer profitability analysis

IT’s About Business 11.2:

Sun Life Financial

Consider:

• How would data integration with the functional areas of HR be beneficial to Sun Life Financial?

• Sun Life Financials Two Departments, The Distribution and Marketing Team and The Sun
Life Career Sales Force team work in collorabation to sell the companys insurance and
investments products but they work in independently causing lost productivity on data
entry and handling as there were large amounts of data
 • What information systems architecture would be required to implement systems like those at
Sun Life Financial?

FIGURE 11.3 The relationship between operational CRM and analytical CRM

11.3 Other Types of Customer Relationship Management Systems

• On-demand CRM systems (i.e., utility computing or SaaS)

• On demand crm systems: A CRM system that is hosted by an external vendor in the
vendor’s data centre. Also known as utility computing or software-as-a-service,

• Vendor creates and maintains the systems

Problems of on-demand Crm Systems:

1. Vendor could prove to be unreliable

2. Hosted software is difficult or impossible to modify and only the vendor can upgrade it
3. Vendor hosted crm software may be difficult to integrate with the existing software

• Mobile CRM systems

• Mobile crm systems: an interactive system that enables an organization to conduct

communications related to sales, marketing and customer service activities through a
mobile medium for the purpose of building and maintaining relationships with its
customers

• Open-source CRM systems

• Open-source crm systems: CRM software whose source code is available to developers
and users

• May be implemented either on-premise or on demand

• Social CRM systems

• Social crm: the use of social media technology and services to enable organizations to
enable organizations to engage their customers in collaborative conversation in order to
provide mutually beneficial value in a trusted and transparent manner

• Real-time CRM
 • Real time crm systems: help organizations to respond to customers product searches,
requests, complaints, comments, ratings, reviews and recommendations in real time

IT’s About Business 11.3:

Black Diamond

Consider:

• Do you pay attention to the “recommender” systems at the websites where you shop?

• Black diamond implemented a recommendation engine: a tool that uses a mathematical

algorithm to predict what users will or will not like (use of purchase history, dislikes,
differences, similarities, to create recommendations and timing to present an
advertisement

• Black diamond implemented the Salesforce Einstein– drives organizations to make

desicison on product recommendations to customers by analyzing deep data, and a
third party recommender engine

• How are recommender systems related to customer profiles and potential increased sales to
customers?

• Recommendation systems is a tool that uses algorithms to predict what users will or will
not like.

11.4 Supply Chains

• Organizations recognize suppliers can supply goods and service they need more efficiently then
they can, this trend of relying on an increasing number of suppliers has led to the concept of
supply chains
o Supply chain: the flow of material, information, money and services from raw material
suppliers, through warehouses to end customers
 Includes the processes that create and deliver products, information, and
services to end users
o Supply chain visibility: refers to the ability of the organizations within a supply chain to
access relevant data on purchased materials as these materials move through their
suppliers production processes and transportation networks to their receiving docks
 Inventory velocity: The quicker a company can deliver products and services
after receiving the material to make them – the more satisfied customers will be
o Supply chain information is obtain through sensors, RFID Tags, meters, GPS and other
devices and systems

The Structure and Components of Supply Chains

• The structure of supply chains

• Involves three segments:

 • Upstream: where sourcing or procurement from external suppliers occur

• Supply chain managers select suppliers to deliver the goods and services
the company needs to product its product or service

• Supply chain managers develop the pricing, delivering, and payment

processes between a company and its suppliers

• processes for managing inventory, receiving and verifying shipments,

transferring goods to manufacturing facilities, and authorizing payments
to supplier

• Internal: where packaging, assembly, or manufacturing takes place

• Supply chain managers schedule the activities for production testing,

packaging and preparing goods for delivery

• Supply chain managers monitor quality levels, production output, and

worker productivity

• Downstream: where distribution takes place, frequently by external distributors

• Supply chain managers coordinate the receipt of orders from

customers, develop a network of warehouses, select carriers to deliver
products to customers, and implement invoicing systems to receive
payments from customers.

• Reverse flows or reverse logistics: flow of goods and information can be

bidirectional (ex. Damaged or unwanted products can be returned)

• The components of supply chains

• Tiers of suppliers

• Tier 3: Basic products (ex: supplies glass, plastic and rubber)

• Tier 2: Sub-assemblies (ex: supplier uses basic inputs to make windshield, tires and
plastic mouldings)

• Tier 1: Integrated components (ex: suppliers produce integrated components such as

dashboards and seat assemblies)

• The flows in the supply chain

• Materials flows: the physical products, raw material, supplies and so forth that
flow along the chain

• Information flows: consists of data related to demand, shipments, orders,

returns and schedules and well as changes in any of these data

• Financial flows: involve money transfers, payments, credit card information and
authorization, payment schedules, e-payments and credit related data
11.5 Supply Chain Management

Supply chain management: An activity in which the leadership of an organization provides extensive
oversight for the partnerships and processes that compose the supply chain and leverages these
relationships to provide an operational advantage.

- In other words: to improve the processes a company uses to acquire the raw materials it
needs to produce a product or service and then deliver that product or service to its
customers

• Five Basic Components of SCM

• Plan: In SCM, organizations must have a strategy for managing all their resources
involved in meeting customer demand for their product or services.

• Source: IN SCM, organizations chose the suppliers to deliver the goods and services they
need to create their product or services

• Make: In SCM, this is the manufacturing component, supply chain managers schedule
the activities for production, testing, packaging and preparation for delivery.

• Deliver: In SCM, this is logistics, organizations coordinate the receipt fo customer orders,
develop a network of warehouses, select carriers to transport products to consumers,
and create an invoicing system to receive payments

• Return: In SCM, supply chain managers, must create a network for receiving defective,
returned, or excess products from their customers

SCM are a type of interorganizational information system: information flows from two or more
organizations

IOS enable business partners to perform a number of tasks:

1. Reduce the costs of routine business transactions

2. Improve the quality of the information flow by reducing or eliminating errors.
3. Compress the cycle time involved in fulfilling business transactions.
4. Eliminate paper processing and its associated inefficiencies and costs.
5. Make the transfer and processing of information easier for users.

• The Push Model versus the Pull Model

• Push model: a scrm system, known as a make-to-stock to which the production process
begins with a forecast on customer demand

• Company produces number of products typically by mass production and sells

these products to consumers

• Pull model: a scrm system, known as a make-to-order, the production process begins
with a customer order
 • Company makes order on what customers want, typically by mass customization

• Problems along the Supply Chain

• Two main sources of problems:

• Uncertainties (e.g., the demand forecast, delivery times)

• Demand for a product can be influenced by factors such as competition, price,

weather conditions, technological developments, and overall economic
conditions and customers general confidence)

• The need to coordinate multiple activities, internal units, and business partners

• Bullwhip effect: refers to erratic shifts in orders up and down the supply chain

IT’s About Business 11.5:

Flexe, the Airbnb of Warehousing

Consider:

• How many different organizations do you buy from to have products shipped to your home?

• Flexe uses a vacant warehouse space close to customers to provide rapid delivery

• How does the Flexe infrastructure facilitate cultural responsiveness to emergency situations
such as the COVID-19 pandemic?

• Flex helps brick-and-mortar retailers struggling to compete with the online retailer
Amazon without having to make huge investments in new facilities

• Solutions to Supply Chain Problems

 • Vertical integration: A strategy of integrating the upstream part of the supply chain with
the internal part, typically by purchasing upstream suppliers, so as to ensure timely
availability of supplies.

• Using inventories to solve supply chain problems – holding too much or too little inventory can
be costly

• Building inventories

• Just-in-time (JIT) inventory system: An inventory system in which a supplier delivers the
precise number of parts to be assembled into a finished product at precisely the right
time.

• Information sharing along supply chain

• Ex: For example, Walmart provides Procter & Gamble (P&G) with access to daily sales
information from every store for every item that P&G makes for Walmart. This access
enables P&G to manage the inventory replenishment for Walmart’s stor

• Vendor-managed inventory (VMI): occurs when the supplier, rather than the retailer,
manages the entire inventory process for a particular product or group of products

IT’s About Business 1.4:

ZaraConsider:

• Zara uses the push method by employing seasonal fashion, manufacturing the inventory before
the beginning of the season

• Zara uses the push method by manufacturing fast fashion based on short term 2-6 week
demand forecasts

• Zara uses the push method by making early forecasts of the number of clothing items they will
need to manufacture and buys large quantities of fabrics based on these forecasts

11.6 Information Technology Support for Supply Chain Management

SCM systems are essential for successful operation of businesses

Three technologies provide support to IOS and SCM systems:

• Electronic Data Interchange (EDI) and XML-Based Web Services

o Electronic data interchange: A communication standard that enables business partners

to transfer routine documents electronically

• Edi formats these documents based on agreed upon standards then it transmits
messages over the internet using a convertor called a translator
FIGURE 11.6 Comparing purchase order (PO) fulfillment without EDI

• Extranets

To implement IOS and SCM systems, a company must connect the intranets of their business
partners to create extranets

Extranets: link business partners over the internet by providing them access to certain areas of
each other’s corporate intranets

o Use virtual private network (VPN) technology

• Use of vpns to make communications more secure

• Benefits are faster process and information flow, improved order entry and
customer service, and lower costs in communication

o Three major types of extranets:

o A company and its dealers, customers, or suppliers

• A type of extranet centers on a single company

o An industry’s extranet

• Major industry players create an extranet that will benefit them all

o Joint ventures and other business partnerships

• Partners ina joint venture use an extranet as a vechicle for communication and
collaboration

• Ex: An example is Bank of America’s extranet for commercial loans. The

partners involved in making these loans include a lender, a loan broker,
an escrow company, and a title company. The extranet connects
lenders, loan applicants, and the loan organizer
• Portals and Exchanges

o A single point of access through a web browser where b2b supply chain management
that enable companies and suppliers to collaborate

o Two types of corporate portals

• Procurement protals: Corporate portals that automate the business processes

involved in purchasing or procuring products between a single buyer and
multiple suppliers.

• Distribution portals: automate the business process involved in selling or

distributing products from a single supplier to multiple buyers

• Emerging Technologies:

o Robotics, drones, autonomous (driverless) vehicles and three-dimensional (3D) printing

• Robots

• Robots can work under all conditions, they don’t take breaks

• A variety of robots from aerial robots, industrial robots, and

autonomous vechicles

• Automated deliver robot: delivers products to destinations

• Goods-to-person robots: help pick products for orders

• Telepresence robots: remote controlled used to consult on

problems, conduct tours, and do repairs

• Follow me robots: move with people in the picking operation

(ex: The human picker selects the products and places them in
the robot’s basket. The robot then delivers them to another
human. These robots are an example of a collaborative robot or
cobot)

• Baxter, sawyer, and lowebot

• Drone

• Customer delivery

• Warehouse and logistic functions

• Ex: For example, DroneScan (www.dronescan.co) and Corvus

Robotics (www.corvus-robotics.com) are conducting
experiments using drones to track inventory in a warehouse
 • Three dimensional printing:

• 3D printing is shortening or eliminating some supply chain applications.

Consider the following examples:

• Running shoes: Nike, adidas, and New Balance are experimenting with
3D printing soles designed specifically for the user.

• Rapid prototyping: Many companies are rapidly 3D printing prototypes

for new parts or products.

• 3D printing-as-a-service: Several companies in Canada provide 3D

printing services to customers.

• 3D printing is shortening or eliminating some supply chain applications.

Consider the following examples.

• Repair parts: Manufacturers are beginning to 3D print repair parts on an

as-needed basis

• Low-volume, high-value components: General Electric (GE)

(www.ge.com) Aeronautics uses 3D printing to manufacture fuel nozzles
for jet airplane engines.

Chapter 12

Think about:

• How many different types of data are Stitch Fix and the fashion industry using?

• Stitch fix matches clients with boutique brand clothes, shoes, and accessories based on
recommendations from analytics algorithms

• Stitch Fix, algorithms identify attributes of clothing that have a high probability of client
acceptance

• Stitch fix uses algorithms to predict how many customers are buying pants, and then
instruct manufacturers to produce in place of an order

• How much of the data being disclosed by customers could be considered private or
confidential? Why

• Stitch fix collects data on each customer such as her weight, bra size, and links to social media
profiles
• Stitch fix uses customer data to predict how likely one is to keep an item in their 5 item styling
fee box such as age, zip code, height, and size

Introduction
Business analytics (BA) is the process of developing actionable decisions or recommendations for actions
based on insights generated from historical data.

Business analytics involves using different tools to analyze data, create models that can predict
outcomes which are descriptive, perspective, and predictive , and then presenting these results
to decision-makers in an organization.

Business intelligence: defined as a broad category of applications, technology and processes for
gathering, storing, accessing, and analyzing data to help business users make better decisions

 User drive analysis: User-driven analysis is a method where user needs and preferences are
important in analyzing data. It involves collecting and analyzing user feedback and
interactions with a product or service to improve it. The goal is to create products that satisfy
the user and increase their engagement.

12.1 Managers and Decision Making

• The Manager’s Job and Decision Making

Management: a process by which an organization achieves it goals through the use of resources (people,
money, materials and information)

 Inputs: resources are considered as inputs

 Output: achieving organizational goals is the outputs
 Productivity: the ratio between the inputs and outputs
o A manager’s success is measured on productivity

Three basic roles of a manager according to Mintzberg (1973):

o Interpersonal: figure head, leader, liasion

o Informational: Monitor, disseminator, spokesperson, analyzer

o Decisional roles: Entrepeneur, disturbance handler, resource allocator, negotiator

FIGURE 12.1 The process and phases in decision making

Decision: refers to a choice among two or more alternatives that individuals and groups make

The three major phases of decision making:

1. Intelligence
2. Design
3. Choice

Intelligence phase: in which managers examine a situation and then identify and define the problem or
opportunity

Design phase: Decision makers create a model to address a situation, simplifying reality by
making assumptions and representing the relationships among relevant variables. The model is
validated with test data to ensure accuracy.

Choice phase: involves selecting a solution or course of action that seems best suited to resolve
the problem

• Why Managers Need IT Support

• Decision making is difficult due to the following trends:

• Number of alternatives is constantly increasing: alternatives are increasing due to

innovations in technology, improved communications, the development of global
markets, and the use of the internet and e-business

• Most decisions must be made under time pressure

• Increased uncertainty in the decision environment, making decisions more complex,

conduct a sophisticated analysis to a make a good decision

• Often necessary to rapidly access remote information, consult with experts, or conduct
a group decision-making session

`
 • A Framework for Computerized Decision Analysis

Two Major Dimensions To Understand Business Analytics: problem structure and the nature of the
decision

Problem Structure

In which decision makers processes fall along a continuum ranging from highly structed to highly
unstructured

• Problem structure

o Structured:` deal with routine and repetitive problems for which standard solutions exist
such as inventory control

• first three phases of the decision process include intelligence, decision, and
choice laid in a particular sequence and the procedures for obtaining the best
solutions are known.

o Semi-structure: combination of standard solution procedures and individual judgment

o Unstructured: decisions that are intended to deal with complex problem with there no
cut solutions

• Nature of decisions

o Three broad categories of managerial decisions

• Operational control: executing specific tasks efficiently and

effectively

• Management control: acquiring using resources affectively in

accomplishing organizational goals

• Strategic planning: the long range goals and policies for growth
and resource allocation

• The decision matrix

decision support matrix: a combination of the three primary classes of problem structure in the
three broad categories of the nature of decisions into nine cells.

 lower level managers perform the tasks in cells 1-2 and four
 middle managers perform the tasks and sells 3-5 and seven
 seniors executives perform the tasks and cells 6-8-9

• Business analytics: the process of developing actionable decisions or recommendations for

actions based on insights from historical data using applications, technologies, and processes
 • Three specific analytics targets that represent different levels of enterprise-side change:

o The development of one or a few related analytics applications: target is often a point
solution for a departmental need, such as a campaign management in marketing

• Data marts are created for this target to store data

o The development of infrastructure to support enterprise-wide analytics

• Target supports both current and future analytics needs

• Enterprise data warehouses are used to store data

o Support for organizational transformation

• Within this target, a company uses business analytics to transform the ways it
competes in the marketplace

• Business analytics supports a new business mode and enables the

strategy

The Business Analytics Process

BA begins with a business problem called pain points.

Underlying Technologies

In Ba processes there’s an emphasis on the importance of technology as its rapidly improving.

Ex. Advances in digital storage capacity, access speed are driving costs down meaning
organizations are able to store and analyze huge amounts of data

 Microprocessors, graphics processing units are technology of the ba process

Data Management

To begin ba process an organization must have data which originates from internal sources, such as
structed data in relation databases and external sources such as unstructured data from social media.

Then organizations integrate and clean these data these into data marts warehouses through a process
called extract, transform and load

Then the data can now be analyzed

Descriptive Analytics, Predictive analytics and prescriptive analytics

 organizations perform these three types of analytics applications

 Presentation Tools
 All three analytics produce results which need to be communicated decision makers

Asking the next question

 once results are attained and presented in the analytics process decision makers must be ready
to ask the next question

Business Analytic Tools

• Excel

• Most popular BA tool

• Multidimensional analysis (also called OLAP)

• Data mining

• Decision-support systems

• Statistical procedures: descriptive statistics; affinity analysis; liner, multiple and logistic
regression; and others

12.3 Descriptive Analytics

Data reduction: organizations analyzing large amounts of raw data to make sense of them

• Descriptive, predictive, and perspective analytics are used in data reduction

• Descriptive analytics: summarizes what has happened in the past and enables decision makers to learn
from past behaviours

• BA tools in descriptive analytics:

o Online analytical processing (OLAP) (i.e., multidimensional analysis)

• Online analytical processing: both slicing and dicing the data that is stored in a
dimensional format, drilling down in the data to greater detail coma and rolling up data
to greater summarization

• Ex: the data cube. To find out how many nuts a company sold in the West
region in 2019, you can use a data cube with the product on the x-axis,
geography on the y-axis, and time on the z-axis. By selecting nuts as the
product, West as the geography, and 2019 as the time, you can slice and
dice the cube to get the desired information. The value(s) remaining in
the cell(s) after this process will give you the answer.
 o Data mining: refers to the process of searching for valuable business information in a
large database, data warehouse, or data Mart

• data mining performs 2 basic operation:

 identifying previously unknown patterns

 for example a descriptive analytics application can analyse retail sales
data to discover products purchased together (aka affinity analysis or
market analysis)
 affinity analysis: a data mining application that discovers co-occurrence
relationships among activities performed by specific individuals or
groups
 an affinity analysis is used to perform a market basket analysis in which
retailers seek to understand the purchase behaviour of customers
 ex: By conducting a market basket analysis, a retailer can
discover that customers tend to buy shampoo and
conditioner together. The retailer can then use this
information to promote one of the items and increase sales
of the other.
2. predicting trends and behaviors

o Decision-support systems: my models and data to analyze some structured problems

and some unstructured problems that involve extensive user involvement

• Models: simplified representations are abstracts of reality

• Sensitivity analysis: examines how sensitive an output is to change in an input

while keeping other input to constant

• Ex: how much will the monthly mortgage payment changes the
mortgage rate is increased by 0.2, or 0.5 percentage points

• What-if analysis: predict the impact of changes in the assumptions that is input
data on the proposed solution

• Ex: what will happen to the total inventory cost of the original assume
costs of caring inventories is 12% rather than 10% and the demand is
10% less than the prediction

• Goal-Seeking analysis: attempt to calculate the value of inputs necessary to

achieve the desired level output

• Ex: for example let's say an initial BI analysis predicted a profit of 2mil
the management wanted to know what sales volume would be
necessary to generate a profit of 3mil

IT’s About Business 12.1:

Insight4Care
Consider:

• How are different stakeholders (the doctor, the patient, the pharmacy company, and the
insurance company) affected by the use of Insight4Care?

• Insight4Care provide physicians with real-time visual depiction of primary care

indicators

• Insight4Care provides real time access to EMR data at the level of population

• How does the infrastructure of electronic medical records (EMR data) facilitate the use of
Insight4Care
• I4c Dashboards provide physicians with real0time access to EMR data at the level of
population
• Insight4Care was used as a tool to provide clinicians with insight into the data they input
into the system

12.4 Predictive Analytics

• Predictive analytics: examines recent and historical data to detect patterns and predict future
outcomes and trends

o Forecasts what might happen in the future based on probabilities

o Predictive analysis is (2) of data mining they can predict trends and behaviours

o Example of PA: detecting fraudulent credit card transactions. Over time, a pattern
emerges of the typical ways you use your credit card and your typical shopping
behaviours—the places in which you use your card, the amounts you spend, and so on.

• Examples of fields where data mining (predictive analytics) applications are used:

o Retailing and sales, banking: Forecasting levels of bad loans and fraudulent credit card
use, predicting credit card spending by new customers, and determining which kinds of
customers will best respond to (and qualify for) new loan offers.

o Manufacturing and production: Predicting machinery failures and finding key factors
that help optimize manufacturing capacity.

o Insurance, police work: Forecasting claim amounts and medical coverage costs,
classifying the most important elements that affect medical coverage, and predicting
which customers will buy new insurance policies.

o Police work: Tracking crime patterns, locations, and criminal behaviour in order to
predict where and when future crimes might occur

o Health care: Correlating demographics of patients with critical illnesses and developing
better insights on how to identify and treat symptoms and their causes.
 o Marketing, politics (not in here): Classifying customer demographics that can be used to
predict which customers will respond to a mailing or buy a particular produc

o Weather, social good (not in here): The U.S. National Weather Service is predicting the
weather with increasing accuracy and precision by analyzing myriad variables, including
past and present atmospheric conditions, location, temperature, air pressure, wind
speed, and many others.

IT’s About Business 12.2:

Analytics to Help Online Retail

Consider:

• How was Aldo’s use of business analytics a win-win situation for the company, for customers,
and for employees?

• Aldo used business analytics for its order fulfillment process as through its recall process
of the leftover inventory there was too much wasted stock.

• How could business analytics help different functional areas at Aldo (sales, warehousing,
accounting)?

• Celect, a cloud-based analytics platform owned by Nike, helps retailers optimize their inventory
portfolios. It optimizes fulfillment for digital orders, which include e-commerce, mobile app, or in-
store orders for out-of-stock items to be shipped from another store or warehouse.

• Celect uses Aldo's data to figure out what customers tend to buy and predict what they will buy in
the future at different stores. This helps Aldo figure out what each store needs in stock.

• Aldo has benefited from using Celect to optimize their fulfillment. They've seen a 6 to 1 return on
investment and were able to process over 350,000 units during the Black Friday weekend and
Cyber Monday. By following the recommendations of the analytics tool, Aldo has made the right
inventory decisions and had up to 12% more in-store sales. This is because they kept inventory in
stores to satisfy local demand instead of using it to fulfill online orders.

IT’s About Business 12.3:

Analytics and Online Dating

Consider:

• If you are (or were) single, would you use an online dating service? Why or why not?
 • College aged adults are more likely to be online daters

• How much information would you be willing to share with such a service? What concerns (if
any) would you have for the privacy of your data?

• EHarmony collects four types of data: demographic age, psychographic data such as interests,
and habits, behavioural data such as actions taken by users on the site, and data on couples
who met through the service

IT’s About Business 12.4:

The Los Angeles Police Department’s Use of Predictive Policing

Consider:

• What are some other places where systematic biases could be an issue in our culture or society?

• The LAPD started using Palantir in 2009 to find people who are likely to
commit crimes. They gather data from various sources to create a list of
"chronic offenders" who are at high risk of reoffending. The police give
this list to patrol officers who are told to watch these people closely and
stop them whenever possible for minor offenses like jaywalking or a
broken tail-light. Officers fill out a card with the person's information
and observations, and this data goes into the Palantir system. This
system creates a large database of people under surveillance that police
can access without a warrant.
• Reports propagate disproportionate high arrests of black
Angelinos

• How could predictive analytics algorithms be modified to reduce or eliminate systematic biases?

Algorithms can be biased because they rely on the data they are given. For example, if data
comes from a city where certain neighborhoods with people of color are over-policed, then the
algorithms will also show this bias. This can lead to innocent people being targeted for police
surveillance just because they live in those neighborhoods or know people who have been
involved in crime even if they were never done anything wrong in their lives.

• Prescriptive analytics: goes beyond descriptive and predictive models by recommending

one or more courses of action and identifying the likely outcome of each decision
 • Requires predictive analytics plus actionable data and a feedback system to track the
outcome produced by the action taken

• BA tools in prescriptive analytics:

o Statistical procedures include:

• optimization

• simulation

• decision trees

example of prescriptive analytics applications: Fandango uses prescriptive analytics to change

ticket prices based on demand. They analyze millions of showtimes to determine the most
desirable movie times and set the best price for those times, maximizing profits.

IT’s About Business 12.5:

United Parcel Service’s Three Types of Analytics

Consider:

• How did the use of IT (the BA systems) help to integrate the UPS operations?

• UPS began equipping its delivery trucks with Bluetooth receivers to reduce
incorrectly loaded packages. The receivers emit a loud beep if a worker puts a
package into a vehicle that is not going to the package’s destination. When
workers enter the correct truck, a different beep confirms that they are in the
right place.

• How did wireless technologies such as GPS and hand-held devices enable UPS to
implement its operational improvements?

UPS started using ORION in 2012, which optimizes drivers' routes based on packages, customer
needs, and UPS rules. ORION can adjust routes based on weather and accidents and continually
optimize the remaining deliveries.

12.6 Presentation Tools

• Dashboards provide easy access to timely information and direct access to management
reports – known as data visualization

o Makes the results more attractive and easier to understand

• Characteristics include:
 o User-friendly, supported by graphics

o Enables management to examine exception reports and drill down into detailed data

TABLE 12.1 The Capabilities of Dashboards

Example of dashboards

• Management cockpit: a room containing an elaborate set of dashboards that

enable top level decision makers to pilot their businesses better
o Dashboards displays KPISs and information relating to success factors on the walls of the
meeting room
 Black wall displays the principal success factors and financial indicators
 Red wall measures market performance
 Blue wall projects the performance of internal processes and employees
 White wall indicates the status of strategic protests

Geographic Information Systems

Geographic information systems: is a computer based system for capturing, integrating, manipulating
and displaying data using digitized maps

• Every record or digital object has an identified geographical location a process

called geocoding, enables users to generate information for planning, problem
solving, and decision making.

Chapter 13

Opening Case: Paychex Speeds Deployment with DevOps

Think about:

• Why is it important for new IT systems to be implemented faster?

 • a reliable service, or its customers will go elsewhere very Paychex provides a software-
as-a-service (SaaS) to its customers. Many people utilize their system every day, and the
list of user requests and performance issues is extensive. Significantly, payroll is not a
system that can go down for extended periods without generating serious problems.
Therefore, Paychex has to provide quickly.

• What are the types of feedback that users, such as Paychex employees, can provide for new
systems?

• In 2014, Paychex sought partners to transition from waterfall to DevOps

methodology.
• The move was part of their enterprise strategy to create a high-volume, high-
demand software factory.
• Their objective was to increase update velocity and improve output quality to
enhance customer experience.
• DevOps combines IT development and operations teams to develop and deploy
effective IT solutions.
• DevOps was introduced as a concept in 2008 and has demonstrated greater
proficiency than traditional methods.

13.1 Planning for and Justifying IT Applications

 Organizations have to weigh the costs & benefits of investing in specific it applications.
 Application portfolio: generates a list of both existing and potential it applications.

IT Planning

• Evaluating and Justifying IT Investment: Benefits, Costs, and Issues

Planning Process:

1. An analysis of the organizational strategic plan of It applications

1. Identifies firms mission, goals that follow mission, steps to reach goal
2. It architecture: delineates the way an organization should utilize its information
resources to accomplish its mission, encompass technical and managerial aspects of
information resources.
1. Technical aspects: include hardware and operating systems, networking, data
management systems, applications software.
2. Managerial aspects: specify how the it department will be managed, how the it
decisions are made.

IT Strategic Plan

It Strategic Plan: a set of long range goals that describe the it frastructure

• The IT strategic plan must meet three objectives:

 o It must be aligned with the organization’s strategic plan

o It must provide for an IT architecture that seamlessly networks users, applications, and
database

o It must efficiently allocate IS development resources among competing projects so that

the projects can be completed on time and within budget and still have the required
functionality

It steering committee: A committee, composed of a group of managers and staff representing

various organizational units, set up to establish IT priorities and to ensure that the MIS function
is meeting the needs of the enterprise.

A Typical IS Operational Plan Includes

• Mission statement of the IS function

• IS environment: a summary of the information needs of the individual functional areas and of
the organization as a whole

• Objectives of the IS function

• Constraints on the IS function: technological, financial, personnel and other resource limitations
on the IS function

• The application portfolio: a prioritized inventory of present applications and a detailed plan of
projects to be developed or continued during the current year

• Resource allocation and project management

Evaluating and Justifying IT Investment: Benefits, Costs, and Issues

 How to justify it investment > do a cost-benefits analysis

Assessing the Costs

Challenges

Allocating fixed costs among different it projects

o Fixed costs: those costs that remain the same regardless of any change in the
companys activity levels

Costs associated with maintain, debugging and improving the system over many years.

Assessing the benefits

 Assessing benefits is complex than calculating costs

 Asses benefits by implementing technology in one or more locations and verify that the
technology functions effectively and is accepted by consumers.
 Conducting the Cost-Benefit Analysis

• Conducting the cost-benefit analysis

o A company has to assess the costs and benefits & compare them.

o Four common approaches are:

• the net present value (NPV) method is a way to figure out if the benefits
of a project or investment are worth more than the costs. It does this by
calculating the present-day value of future benefits, which considers the
time value of money and the organization's cost of funds. If the present
value of benefits is greater than the cost required to achieve them, then
the investment or project is considered financially viable.

• Return on investment (ROI): measures management’s effectiveness in

generating profits with its available assets. ROI is calculated by dividing the net
income generated by a project by the average assets invested in the project. ROI
is a percentage, and the higher the percentage return, the better.

• Breakeven analysis: determines the point at which the cumulative dollar value
of the benefits from a project equals the investment made in the project.

• Business case approach: system developers create a document called a

business case to get justify funding for a particular project. IS professionals are
involved in this process because the business case explains what they do, how
they do it, and how a new system could improve their work.

13.2 Strategies for Acquiring IT Applications (1 of 2)

• Fundamental decisions in acquiring IT applications > selecting the best IT application

o How much computer code does the company want to write?

• totally prewritten application (write no computer code)

• customize a prewritten application (write some computer code)

• custom write an entire application (write all new computer code)

o How will the company pay for the application?

• Totally prewritten applications, companies can use internal funding

• Customized prewritten and prewritten applications, companies can buy or lease

them

o Where will the application run?

• On the company’s platform or on someone else’s platform

o Where will the application originate?

 o Prewritten applications can be open source software or come from a vendor

o Prewritten open source applications or prewritten proprietary applications can be

customized from vendors, or customize applications in-house or outsource the
customization, or write the custom applications in house or it can outsource this
process.

TABLE 13.1 Advantages and Limitations of the Buy Option

Acquisition method to acquire applications:

• Purchase a prewritten application

o A cost-effective and time-saving strategy to obtain an It application.

o Contains all the standard features required by IT applications

• Customize a prewritten application

o A difficult, costly, and large complex applications

o A good option if the software vendor allows the company to modify the application to
meet needs
• Lease the application

o Saves a company time and money

o Attractive to small companies, large companies, companies that don’t have sufficient it
personnel to develop custom It applications, companies that can’t afford to wait for
strategic applications to be developed in-house.

o Leasing is executed in three ways:

• Lease the application from a software developer, install it, and run it on the
companies platform, the vendor assists with installation and maintenance of
the system

• Leasing an application and running it on the vendors platform (ex. Saas or

application service provider)

• Application service providers (ASP) and Software-as-a-Service (SaaS) vendors

o application service provider (ASP) is an agent or a vendor that assembles the software
needed by enterprises and then packages it with services such as development,
operations, and maintenance

o Software-as-a-service (SaaS) is a method of delivering software in which a vendor hosts

the applications and provides them as a service to customers over a network, typically
the Internet

• Customers don’t own the software, rather pay for using it

• Use open-source software

o Organizations obtain a license to implement an open-source software product and

either use it, as is, customize it, or develop applications with it.

• Outsourcing

o Outsourcing: acquiring it applications from outside contractors or external organizations

• Used when companies want to experiment with new it technologies without

making a big upfront investment

• One disadvantage: corporate data is under the control of the

outsourcing vendor

o Offshoring: outsourcing offshore (ex. China or india)

• Disadvantages: poor communication between users and developers

• How to fix this:

• Reverse outsourcing or insourcing: bringing outsourcing back in

house
 • Continuous development

o Continuous application development: is the process of steadily adding new computer

code to a software project when the new computer code is written and tested

• Employ custom development

o Custom building applications be performed in-house or outsourced.

• Disadvantages: costly, time consuming than other options

• How It is developled:

o 1. Starts with an it steering committee who choses the suggestions for a new system
coming from users

o 2. In the developmental stage, mindsets change on It application

o 3. In systems investigation stage, the organization decides to build something

o 4. In later stages of development, the organization builds the application

IT’s About Business 13.1:

Developers Help Developers Help Dry Cleaners

Consider:

• How the global economy and the Internet result in an innovation rapidly becoming a
requirement (e.g., Starchup in 2016 was an innovation, but is not considered one now). What
other IT services are new but commonplace?

• How many cleaning apps are there in your neighbourhood? Do they seem to be easy to use?

Starchup is a Chicago-based software-as-a-service provider that launched in 2015.

Its founders, Dan Tobon, Nick Chapleau, and Geoffroy Lessage, created a web-based
app to turn any dry cleaner into an on-demand service, disrupting the traditional dry-
cleaning industry.

Gigster operates a business model similar to Uber or Lyft, but instead of sharing vehicles,
it allows the sharing of expensive software developers. The company provides on-
demand software development and design services, primarily to entrepreneurs and
small- to medium-sized businesses. Gigster has a rigorous selection process for its
designers and developers, hiring only about 7% of applicants. This ensures that their
customers can expect high-quality programming work for their app, with a quote and
development timeline provided within minutes of the initial chat.

13.3 Traditional Systems Development Life Cycle

 The systems development life cycle: is the traditional systems development method that
organizations use for large scale it projects

• Systems development life cycle (SDLC) stages:

o Systems investigation

o Systems analysis

o Systems design

o Programming and testing

o Implementation

o Operation and maintenance

Systems development projects produce desired results through team efforts:

 Users: employees from all functional areas of the organizations who interact with the system
either directly or indirectly
 Systems analysts: is professionals who specialize in analyzing and designing information systems
 Programmer: is professionals who either modify existing computer programs or write new
programs to satisfy user requirements
 Technical specialists: experts on a certain type of technology
 Systems stakeholders: everyone who is affected by changed in a company’s information
systems

SDLC: Systems Investigation

 System investigation is the initial stage in a SDLC

 The more time a systems development professional invests in these factors
will have a greater chance of success
o Understanding the business problem to be solved
o Specifying the technical options for the systems
o Anticipating the problems they are likely to encounter during the development the
greater the chances of success
 Systems investigation: addresses the business problem or business opportunity by means of the
feasibility study

• Three basic solutions to any business problem relating to an information system:

o Do nothing and continue to use the existing system unchanged!

o Modify or enhance the existing system

o Develop a new system

 • Feasibility study

Feasibility study: analyzes which of these three solutions best fits the particular business problem

o Technical feasibility: determines whether the company can develop or otherwise

acquire the hardware, software, and communications components needed to solve the
business problem.

o Economic feasibility: determines whether the project is an acceptable financial risk

and, if so, whether the organization has the necessary time and money to successfully
complete the project (ex. NPV, ROI, breakeven analysis and the business case
approach)

o Behavioural feasibility: addresses the human issues of the systems development

project. You will be heavily involved in this aspect of the feasibility study.

• Steering committee prioritizes and makes a go/no go decision.

o Firms must prioritize feasible projects with the highest priority.

o Hidden backlog: which are projects that the it department is not aware of.

TABLE 13.2 Advantages and Disadvantages of System Acquisition Methods

Traditional Systems Development (SDLC)

Advantages

Forces staff to systematically go through every step in a structured process.

Enforces quality by maintaining standards.
Has lower probability of missing important issues in collecting user requirements.

Disadvantages
May produce excessive documentation.
Users may be unwilling or unable to study the approved specifications.
Takes too long to progress from the original ideas to a working system.
Users have trouble describing requirements for a proposed system.

Prototyping
Advantages

Helps clarify user requirements.

Helps verify the feasibility of the design.
Promotes genuine user participation.
Promotes close working relationship between systems developers and users.
Works well for ill-defined problems.
May produce part of the final system.
Disadvantages
May encourage inadequate problem analysis.
Is not practical with large numbers of users.
Users may not want to give up the prototype when the system is completed.
May generate confusion about whether the system is complete and maintainable.
System may be built quickly, but can result in lower quality.

Joint Application Design (JAD)

Advantages

Involves many users in the development process.

Saves time.
Generates greater user support for the new system.
Improves the quality of the new system.
The new system is easier to implement.
The new system has lower training costs.

Disadvantages

It is difficult to get all users to attend the JAD meeting.

The JAD approach is subject to all of the problems associated with any group meeting.

Integrated Computer-Assisted Software Engineering (ICASE)

Advantages

Can produce systems with a longer effective operational life.

Can produce systems that closely meet user requirements.
Can speed up the development process.
Can produce systems that are more flexible and adaptable to changing business conditions.
Can produce excellent documentation.

Disadvantages

Systems are often more expensive to build and maintain.

The process requires more extensive and accurate definition of user requirements.
It is difficult to customize the end product.

Rapid Application Development (RAD)

Advantages

Can speed up systems development.

Users are intensively involved from the start.
Improves the process of rewriting legacy applications.

Disadvantages
 Produces functional components of final systems, but not the final systems themselves.

End-User Development

Advantages

Bypasses the IS department and avoids delays.

User controls the application and can change it as needed.
Directly meets user requirements.
Promotes increased user acceptance of new system.
Frees up IT resources.

Disadvantages

May eventually require maintenance from IS department.

Documentation may be inadequate.
Leads to poor quality control.
System may not have adequate interfaces to existing systems.
May create lower-quality systems.

Object-Oriented Development

Advantages

Objects model real-world entities.

New systems may be able to reuse some computer code.

Disadvantages

Works best with systems of more limited scope (i.e., with systems that do not have huge numbers of objects).

SDLC: Systems Analysis

• The process whereby systems analysts examine the business problem that the
organization plans to solve with an IS
o Purpose of the system is to gather information about existing system to
determine requirements for a new system
• Deliverable:
o A set of system requirements (i.e., user requirements) that must satisfy
SDLC: Systems Design
• Describes how the system will resolve the business problem
• Deliverable of the systems:
o A set of technical system specifications that specify:
• System outputs, inputs, calculations or processing, and
user interfaces
• Hardware, software, databases, telecommunications,
personnel, and procedures
 • A blueprint of how these components are integrated
• Scope creep: adding functions to an information system after the
project has begun.
o A systems specifications shouldn’t be changed (ex. Scope
creeps

SDLC: Programming and Testing

If an organization decides to construct the software in house
• Programming: translating the design specifications into computer
code
• Testing: the process that assesses whether the computer code
will produce the expected and desired results
o Also intended to detect errors, or bugs in the computer code

SDLC: Implementation
• Implementation (i.e., deployment): the process of converting
from an old computer system to a new one
• Conversion strategies:
o Direct conversion: the old system is cut off, and the new
system is turned on at a certain point in time.
o Pilot conversion: introduces the new system in one part of
the organization, such as in one plant or one functional
area., then accessed and implemented if worked
o Phased conversion: introduces components of the new
system, such as individual modules, in stages. Each module
is assessed. If it works properly, then other modules are
introduced until the entire new system is operational.
o Parallel conversion (or historic parallel): in which the old
and new systems operate simultaneously for a time

Operation and Maintenance

• Systems operate while they meet their objectives
o Assessed using audits if being used correctly
 • Systems require several types of maintenance:
o Debugging: a process that continues throughout the life of
the system
o Updating: accommodates the system to changes in business
conditions
o New function: adds new functions to existing system
without disturbing operation

13.4 Alternative Methods and Tools for Systems Development

• Joint application design (JAD): A group-based tool for collecting
user requirements and creating system designs
• JAD involves a group meeting attended by the analysts and
all of the users that can be conducted either in person or
through the computer. During this meeting, all users jointly
define and agree on the systems requirements
• Rapid application development (RAD)
• A development method that uses special tools and an
iterative approach to rapidly produce a high-quality system.
• In the first RAD stage, developers use JAD sessions to
collect system requirements.The development process
in RAD is iterative; that is, requirements, designs, and
the system itself are developed and then undergo a
series, or sequence, of improvements. RAD uses ICASE
tools to quickly structure requirements and develop
prototypes. As prototypes are develop users review
them in JAD sessions, RAD produces the functional
components of a final system rather than prototypes.
• Agile development: A software development methodology that
delivers functionality in rapid iterations, measured in weeks,
requiring frequent communication, development, testing, and
delivery.
 • Software doesn’t include every possible feature the user
will require.
• Scrum approach: during a project, users can change
their minds about what they want and need.
Scums contains sets of practices, the primary roles are:
1. The scrum master maintains the
processes
2. The product owner: represents the
business users and any other
stakeholders in the project
3. The team: a cross functional group of
about seven people who perform the
actual analysis, design, coding,
implementation and testing
How Scrum Works:
Each sprint – a two to four week period – a team creates a shippable
product increment that comes from a product backlog
A sprint plan meeting will determine backlog items that need to be
completed – the team members determine how many projects they can
commit to on the next sprint – they record this info in the sprint
backlog.
Each sprint must end on time – team demonstrates how to use
software after completion.

Minimum viable product development – another form of agile

development
• End-user development: End-user development is an approach in
which the organization’s end users develop their own applications
with little or no formal assistance from the IT department -
referred to as shadow IT.
• Shadow it is vulnerable and creates avenues for criminals to
access private company and customer data
• DevOps
 • DevOps: is a form of software development that brings the
developers and the users (operations) together throughout
the entire process with the goal of reducing the time to
deployment, increasing the usability of the finished product,
and lowering the cost of new app development.

Tools for Systems Development

Tools used for various system development methods

• Prototyping
• Prototyping: approach defines an initial list of user
requirements, builds a model of the system, and then
refines the system in several iterations based on users’
feedback.
• Prototype: a smaller version of a larger system
• Two types: contains only the components of the
new system that most interests users, or small
scale working model of the entire system
• Integrated computer-assisted software engineering tools (iCASE
and CASE, upper CASE, lower CASE)
• refers to a group of tools that automate many of the tasks
in the SDLC.
• The tools that are used to automate the early stages
of the SDLC (systems investigation, analysis, and
design) are called upper CASE tools.
• The tools used to automate later stages in the SDLC
are called lower case tools
• Integrated case tools: links between upper case
and lower case tools
• Component-based development
• Component based development uses standard components
to build applications
 • Object-oriented development
• Object oriented development: based on a different view of
computer systems than the perception that characterizes
traditional development approaches.
• Traditional approaches can produce a system that
performs the original task but may not be suited for
handling other tasks.
• Object oriented system: begins with the task to be
performed with aspects of real world that must be
modelled to perform tasks.
• Containers
• Containers: the method of developing applications that run
independently of the base operating system of the server
• Allows application providers to develop, text and
deploy technology that will run in practice like it does
in testing,
Low-code development platforms (LCDP)
 Low-code Development Platforms (LCDPs) make use of visual
interfaces to develop applications rather than traditional
procedural hand-coding.
o Rapid development (reduces amount of code written)
Vocabulary

Business analytics (BA) refers to the skills, technologies, and practices for continuous iterative
exploration and investigation of past business performance to gain insight and drive business planning