MIS 2101 – Final Exam Study Guide: Carey O’Donnell
Sections 005 & 401 – Chapters 7 thru 10
Chap 7: Enhancing Business Processes Using ERP
Traditional business functions: (primary focus of ERP systems; not silos, but highly interrelated)
 Marketing and sales
 Supply chain management
 Accounting and finance
 Human resources
Order-To-Cash Process: all of the processes associated with selling a product or service (Sales Order Process)
Procure-To-Pay process: the processes associated with procuring goods from external vendors (Supply Chain)
Make-to-Stock / Make-to-Order Process: the processes associated with producing goods (Production)
Supply Chain: Core business processes enable the creation of supply chains; a “river” of material and activity
Value Chain: the set of business activities that add value to the end product. Two types of business activities:
 Core Activities: Inbound Logistics, Manufacturing, Outbound Logistics, Sales/Marketing, Customer Service
 Support Activities: Administration, HR, Tech Development, Purchasing
Legacy Systems: describes a firm’s existing IT systems; usually not integrated..silos of individual systems
ERP: Provides an integrated set of business applications in a master database used by every department &
business process
 Internally focused systems
 Externally focused systems
Primary ERP modules/applications:
 CRM - Customer Relationship Management
 Sales Order Processing
 SCM – Supply Chain Management
Primary value of ERP systems: forcing ‘Best Practices’ on all business processes
Core Components of ERP Systems:
 Financial Management
 Operations Management
 Human Resource Management
The primary organizational problems that drove the rapid implementation of ERP systems:
 Stand-alone Legacy applications (silos)
- Not designed to communicate with other system
- Variety of computing hardware platforms
- Enable departments to conduct daily business activities
- Not helpful for other areas in the firm
 Multiple Proprietary Legacy systems
- From vendors
- Not designed to share with other vendors’ systems
- Problem of knitting together (hodgepodge portfolio of discordant proprietary applications)
- Lack of integration between systems
The Formula for Success with Enterprise Resource Planning Systems:
 Secure executive sponsorship (Most failures are due to lack of top-level management support)
 Get help from outside experts (consultants can make implementations faster)
 Thoroughly train users.
- Training is the most overlooked, underestimated, and poorly budgeted expense
 Take a multidisciplinary approach to implementations (Include end users from all functional areas in the
development & implementation)
Chap 8: Supply Chain Systems
What is a Supply Chain?
 A supply chain is a collection of companies and processes moving a product:
- suppliers of raw materials
- suppliers of intermediate components
- final production
- to the customer
 Upstream—flow from sources of raw materials and components
 Downstream—flow to customers
 Suppliers - have their own supply chain
 A better name for this process: supply network
Benefits & Problems with Supply Chains:
 Potential benefits
- Process innovations
- Just-In-time Production (JIT)
- Vendor-Managed Inventory (VMI)
 Potential problems
- Distorted information
- Excessive inventories
- Inaccurate capacity plans
- Missed product schedules
Just-In-Time Production (JIT)
 Keeping inventory is costly (storage, capital, missed production schedules).
 JIT optimizes ordering quantities.
- Parts and raw materials arrive when needed for production
- As orders arriver in smaller quantities, but at higher frequency) investment in storage space and
inventory is minimized
 It is used extensively by computer manufacturers to avoid component obsolescence (Moore’s law).
- Example: Dell keeps only two hours of inventory in stock
 JIT requires tight cooperation between all partners in the supply network.
Other issues involving complex Supply Chains:
 The Bullwhip Effect – Where small end-product demand fluctuations cause large fluctuations further up
the supply chain, and Small forecasting errors at end of supply chain cause large errors further up the
supply chain. Integrated business processes (ERP) help mitigate the bullwhip effect.
 Corporate Social Responsibility - Transparency and accountability within the supply chain helps save
costs and create a good image. ERP’s can help when facing Product Recalls. Promotes sustainable
business practices.
Supply Chain Planning (SCP) – Four types of plans are used in businesses:
 Demand planning and forecasting
- Examination of historic data
 Distribution planning
- Delivering products to consumers
- Warehousing, delivering, invoicing, and payment collection
 Production scheduling
- Coordination of activities needed to create the product/service
- Optimization of the use of materials, equipment, and labor
 Inventory and safety stock planning
- Development of inventory estimates
Supply chain visibility—The ability to track products as they move through the supply chain, and to foresee
external events.
Supply chain analytics—The use of key performance indicators to monitor performance of the entire supply
chain, including sourcing, planning, production, and distribution.
Primary Objectives of Supply Chain Management (SCM) Strategy:
 Efficiency—cost minimization.
 Effectiveness—customer service maximization.
RFID (Radio Frequency Identification) is revolutionizing Supply Chain Management :
 Walmart the world leader in SCM via RFID
 RFID will soon replace standard bar codes on products


Tags are programmable, a vast array of uses; scanning can be done from greater distances
Many privacy concerns about RFID
Primary drivers of Customer Relationship Management (CRM) Technology:
 Customers have the power
 Economic transformation is taking place; i.e., from transactions to relationships
 Keeping customers satisfied is the key
Primary objectives of CRM: Companies search for ways to widen, lengthen, and deepen customer relationships:
 Widen – attract new customers
 Lengthen – keep customers satisfied and coming back
 Deepen – develop small customers into long-term profitable customers
Primary architecture of CRM systems:
 Operational CRM – e.g. Sales Force Automation (SFA), Customer Service & Support (CSS)
 Analytical CRM - Analysis of customer behavior and perceptions, to support marketing campaigns,
customer segmentation, and pricing strategies
 Collaborative CRM – improve communications internally & externally to better satisfy & retain customers
Powerful CRM Tool – Digital Dashboards:
 Digital dashboards help to visualize key CRM performance metrics; help process & comprehend lots of
information quickly
Chap 9: Developing & Acquiring New Information Technology Systems
Justifying IT Systems requires making a Good Business Case:
 Build a strong, integrated set of arguments based on facts and evidence
 Prove that an information system adds value to the organization
 Get rid of systems that are not adding value
 Proposed system –determine whether the new system is a “go” or a “no-go”
 Existing system—determine whether the company will continue to fund & support the system
The Productivity Paradox:
 Measurement problems – must balance effectiveness vs. efficiency
 Time lags – can be significant delays between initial investments/costs & system benefits
 Redistribution – no value in simply passing problems on to somewhere else in the organization
 Mismanagement – No amount of IT investment can overcome bad management
Three Strategies for Making the Business Case for IT Investment:
 Faith – Arguments that are based on beliefs about organizational strategy, competitive advantage,
industry forces, customer perceptions, market share; not hard facts but good arguments about what you
believe and can project
 Fear - Arguments that are based on the notion that if the system is not implemented, the firm will lose
out to the competition or, worse, go out of business
 Fact - Arguments that are based on data, quantitative analysis, and/or indisputable factors. Where you
provide a detailed cost-benefit analysis as proof
How to prepare a Cost-Benefit Analysis for a FACT-based argument:
 Identifying costs
- Total cost of ownership (TCO)
- Nonrecurring costs vs. recurring costs
- Tangible costs vs. intangible costs
 Identifying benefits
- Tangible benefits vs. intangible benefits
 Performing cost-benefit analysis
- Breakeven analysis
- Net-present value analysis
 Comparing competing investments
- How does this investment compare to other potential investments?
Tips when presenting the Business Case:
 Know the audience.
- People from different areas of the firm typically hold very different perspectives.
 Convert benefits to monetary terms.
- Example: Convert time savings into dollar figures.
 Devise proxy variables.
- Alternative measures of outcomes (Example: Reduction in administrative tasks, more customer
contact)
 Measure what is important to management.
- Concentrate on the issues senior business managers care about. Focus on hot-button issues like Cycle
time, regulatory requirements, etc.
Options for Acquiring New IT Systems & Software:
 Option 1: Build your own IT system
- Pro: get a custom system per your needs, pay for only what you need
- Con: Do you have enough expertise in-house? Often high cost of development
 Option 2: Buy a pre-packaged system
- Pro’s: Less costly, easy to procure, requires no specific tailoring or development
- Con’s: Not tailored for your unique processes, might not offer what you really need


Option 3: Outsource development to a 3rd party developer
- Pro’s: have the skills & expertise, experienced
- Con’s: Cost, security of your confidential data
Option 4: End-User development
- Pro’s: Agile, fast development of prototypes
- Con’s: Hard to do, finding the skills within your own organization
Systems Development Life Cycle: A proven, structured process for tackling big organizational problems & IT
systems, by breaking it down into manageable tasks, and successfully developing new systems by following a
complete life cycle process:





Phase 1: Systems Planning & Selection
Phase 2: Systems Analysis
Phase 3: System Design
Phase 4: System Implementation & Operation
Maintenance & Training
System Implementation & Conversion Strategies (understand the differences):
 Parallel
 Direct Cut-Over
 Phased
 Pilot
External Acquisition: Buying IT Systems from Outside Vendors (e.g. IBM, Accenture, SAP). Working to create
the most competitive process for getting the best system (similar to SDLC process):
1. Systems planning and selection
2. Systems analysis
3. Development of a request for proposal
4. Proposal evaluation
5. Vendor selection
One of most important steps: developing a good RFP (Request For Proposal):
 Documentation detailing system requirements sent to prospective vendors
 Invitation to vendors to present bids for the project
Software licensing is the permissions and rights that are imposed on applications & software.
Growing Trend – Application Service Providers. Solves many of the problems organizations have operating
their own complex IT systems:
- Managing the software infrastructure is a complex task.
- High operating costs
- Scalability issues
- In-house expertise

Solution – Outsource your IT to ASP’s , who provide businesses with SaaS (software as a service)
- Reduced need for companies to maintain or upgrade software
- Variable fee based on actual use of services (only pay for what you actually use)
- Ability to rely on a provider’s expertise; they have the expertise to maintain best of class system
Chap 10: Securing Information Systems
Primary Threats to Information System Security:
 Natural disasters
- Power outages, hurricanes, floods
 Accidents
- Power outages, fire
 Employees and consultants (stealing confidential information)
 Outsiders
- Viruses, Spyware, Hackers, Crackers
Computer crime—The act of using a computer to commit an illegal act
- Targeting a computer while committing an offense
- Using a computer to commit an offense
Using computers to support a criminal activity
Types of computer users pursuing illegal activity:
 Hackers—individuals who are knowledgeable enough to gain access to computer systems without
authorization.
- Term first used in the 1960s at MIT
- Often the motivation is curiosity, not crime
 Crackers—those who break into computer systems with the intention of doing damage or committing a
crime.
 Hacktivists—Those who attempt to break into systems or deface Web sites to promote political or
ideological goals
Profile of people who commit computer crimes:
1. Current or former employees
- 85–95% of theft from businesses comes from the inside
2. People with technical knowledge committing crimes for personal gain
3. Career criminals using computers to assist them in crimes
4. Outside crackers hoping to find information of value
- About 12 percent of cracker attacks cause damage
Malware—short for “malicious software” such as viruses, worms, and Trojan horses
- Virus—a destructive program that disrupts the normal functioning of computer software
- Worm - variation of a virus that is targeted at networks, taking advantage of security holes
-
Trojan Horse - does not replicate, but causes damage. Codes are hidden
Logic bombs or time bombs - Variations of Trojan Horses. Time bombs are set off by specific dates;
logic bombs are set off by certain types of operations.
A common attack on IT Systems: Denial of Service:
 Attackers prevent legitimate users from accessing services
 Zombie computers
- Created by viruses or worms
- Attack Web sites
 Servers crash under increased load
Spyware: Hidden within freeware or shareware, or embedded within Web sites:
 Gathers information about a user
- Credit card information
- Behavior tracking for marketing purposes
 Eats up computer’s memory and network bandwidth
Adware:
 Free software paid by advertisements
 Sometimes contains spyware
 Collects information for banner ad customization
Cookies: Cookies are messages passed to a Web browser from a Web server:
 They are stored in a text file.
 They are used for Web site customization.
 Cookies may contain sensitive information.
 Managing cookies
- Cookie killer software; removes cookies
- Web browser settings; you can delete cookies
- Tradeoff is convenience vs. privacy
Identity Theft: fastest growing ‘information crime’
 Stealing another person’s:
- Credit card number
- Social Security number
- Other personal information
 Results in bad credit for victim
Cybersquatting: The practice of registering a domain name and later reselling it.
Cyber Harassment, Stalking, and Bullying:
 Cyber harassment: Crime that broadly refers to the use of a computer to communicate obscene, vulgar,
Cyber stalking:
- Making false accusations that damage reputation of another

Gaining information on a victim by monitoring online activities
Using the Internet to encourage others to harass a victim
Attacking data and equipment of a victim by sending e-mail viruses or other destructive code
or threatening content
Cyber bullying is the deliberate cause of emotional distress to a victim

-
Intellectual property
Patents: process or machine inventions
Copyrights: creations of the mind
Software Piracy is a huge, global problem:
 Worldwide losses exceeded $53 billion in 2008
 Some factors influencing piracy around the world:
- Concept of intellectual property differs between countries
- Economic reasons for piracy
- Lack of public awareness about the issue
Cyberwar—Military’s attempt to disrupt or destroy another country’s information and communication systems
- Goal is to diminish opponent’s communication capabilities.
- It is used in concert with traditional methods
- Primary targets - Command and control systems
Cyberterrorism: A serious and growing problem
 Governments are not involved.
 Attacks can be launched from anywhere in the world.
 Goal is to cause fear, panic, and destruction.
 Developed nations’ technology, electrical, and other infrastructure is very vulnerable to cyber terrorism
 Cyberterrorism will likely become a weapon of choice in the future
Technology Safeguards for IT Systems:
 Physical access restrictions
 Firewalls
 Encryption
 Virus Monitoring and prevention
 Audit-control software
 Dedicated facilities
Computer Forensics:
 Use of formal investigative techniques to assess digital information
- Evaluation of storage devices for evidence of illegal activity
- Restoration of deleted files
IT Controls:
 Three general categories of controls:
- Preventive controls
- Detective controls
- Corrective controls
Main Types of IT Controls:
 Policies
- Define aim and objectives
 Standards
- Support the requirements of policies
 Organization and management
- Define the lines of reporting
 Physical and environmental controls
- Protect the organization’s IS assets
Sarbanes-Oxley Act – 2002:
 The Sarbanes-Oxley Act was formed as a reaction to large-scale accounting scandals.
- WorldCom, Enron
 It primarily addresses the accounting side of organizations.
 Companies have to demonstrate that:
- controls are in place to prevent misuse and fraud,
- controls are in place to detect potential problems, and
- measures are in place to correct problems
 One of the primary drivers for ERP systems & technology over the past decade