ADM 2372 Management Information Systems Course Weights: Team Assignment - 40% Midterm Exam - 25% Final Exam - 35% Chapter 1 Information Technology refers to any computer based tool that people use to work with information and to support an organization's information and information processing needs Information system collects, processes, stores, analyzes, and disseminates information for a specific purpose Digital Transformation is the business strategy that leverages IT to dramatically improve employee, customer, and business partner relationships. What drives it: Big Data Business analytics Social computing Mobile computing The internet of things Agile systems development methods Cloud computing Artificial intelligence Why Learn about information systems: 1. Become an informed user which allows you to: a. Benefit from your organizations IT applications b. In position to enhance the quality of your organizations IT applications c. Enhance your output 2. Also i will undoubtedly undergo a technological transformation Complexity of Managing Information Resources comprises of: IS have enormous strategic value to organizations. Some firms are hostages to information systems, where they cannot function without it Very expensive to acquire, operate and maintain Evolution of management IS, and how users now can interact directly with the mainframe (end-user computing) Traditional Functions of the MIS department New Functions of the MIS Department Managing system development and system project management Managing computer operations, including the computer centre Providing technical services Infrastructure planning, development and control Staffing, training, and developing IS skills Initiating and designing specific strategic information systems Incorporating the internet and electronic commerce into the business Managing system integration Education the non-MIS managers about IT Partnering with business unit executives Managing outsourcing Data items refer to an elementary description of things, events, activities, and transactions that are recorded, classified, and stored, but are not organized to convey any specific meaning. Information refers to data that have been organized so that they have meaning to the recipient. Knowledge consists of data and/or information that have been organized and processed to convey understanding, experience, accumulated learning, and expertise as they apply to a current business problem. Computer Based information systems are IS that use computer technology to perform some or all of its intended tasks. Comprised of: Hardware, software, database, network, procedures and people. Information Technology can be used for: Product Analysis : Developing new goods and services Site Analysis : Determining the best location for production and distribution Promotion analysis : identifying the best advertising channels Price analysis : setting product prices to obtain the highest total revenues Enterprise resource planning systems and transaction processing systems are designed to correct a lack of communication among the functional area ISs. For this reason, figure 1.4 shows ERP systems spanning the FAISs. Interorganizational information systems (IOSs) support many interorganizational operations, of which supply chain management is best known. How IT impacts organizations: 1. IT impacts entire industries 2. IT reduces the number of middle managers 3. IT changes the managers job 4. IT impacts employees at work 5. IT impacts employees health and safety 6. IT provides opportunities for people with disabilities How IT affects society: 1. Affects our quality of life 2. The robot revolution is here now 3. Impacts health care 4. Emergence of cognitive computing 5. Volume, Variety, Velocity Chapter 2 Information systems that are strategic provide a competitive advantage if it is used properly. Competitive advantage refers to any assets that provide an organization with an adge against its competitors in some measure, such as cost, quality, or speed, helping control a market and accrue larger than average profits. Business process is an ongoing collection of related activities or tasks that in a specific sequence create a product or a service of value to the organization. It involves Inputs, resources, and outputs. Examples: Accounting Business process (managing accounts payable), production BP (applying disability policies), Marketing BP (Producing sales leads) How to measure business processes: Effectiveness - doing the things that matter Efficiency - doing things without wasting resources, getting things done with less resources Cross Functional Processes Where multiple functional areas collaborate to perform the process Example, product fulfillment and procurement Procurement: all necessary steps to acquire needed materials externally from a vendor 5 steps that involve the departments warehouse, purchasing and accounting 1. Warehouse recognizes the need for procurement 2. 3. 4. 5. Purchasing department identifies a suitable vendor Materials are received in the warehouse Vendor sends invoice which is sent to accounting Accounting sends payment to the vendor, thereby completing the process Fulfillment: all necessary steps to process customer orders Involves departments sales, accounting, warehouse 1. Sales validates the sale with a purchase order 2. Sales order communicates data to warehouse, who prepares and ships 3. Accounting receives payment Companies must be more efficient and effective to have a competitive advantage over their competitors. To determine whether a process is efficient, document the processes inputs, resources, and outputs, and then analyze. Example: In this example, effectiveness would be the ability for a customer to book tickets, and efficiency would be time required to purchase tickets. Information systems are crucial to enable business processes, as they facilitate communication and coordination among different functional areas. Three vital roles: 1. Executing the process a. . . If IS does not work, usually BP can not be executed 2. Capturing and storing process data Captures and stores dates, times, product numbers, quantities, prices, addresses 3. Monitoring process performance Indicates how well a process in running Excellence in executing BP is widely recognized as the underlying basis for all significant measures of competitive performance (customer satisfaction, cost reduction, cycle and fulfillment time reduction) Business process reengineering is the strategy of redesigning BP to enable reduced costs and increased quality. Often too difficult, radical, lengthy and comprehensive. Business process improvement is structuring work around BP rather than individual tasks, resulting in less radical, less disruptive improvements. Six Sigma Popular methodology for BPI initiatives, popular with manufacturing environments No more than 3.4 defects per million outputs by using statistical methods to analyze the process 5 Phases: 1. DEFINE : BPI team documents existing process activities, resources and process inputs and outputs. 2. MEASURE: BPI team identifies relevant process metrics and collects data to understand how the metrics evolve over time 3. ANALYSIS: BPI team examines the AS process mpa and collects data to identify problems with the process. Usually when they use process simulation software 4. IMPROVE: BPI team identifies solutions for addressing the root causes, maps the solutions, and selects and implements. BPI are less risky and costly, although don’t provide the same performance gains promised by BPR To sustain BPI efforts over time, organizations can adopt business process management, which are the tools to support the design, analysis, implementation, management and continuous optimization of core business processes. Business activity monitoring (BAM) is a realtime approach for measuring and managing business processes BPM activities are often supported by business process management suites (BPMS). Social BPM is a technology that enables employees to collaborate internally and externally using social media tools. Business Pressures, Organizational Responses, and Information Technology Support Business environment is the social, legal, economic, physical and political factors in which the business conducts their operations. Changes in these apply business pressure. Examples of Business Pressure include: Globalization Changing nature of the workforce Powerful customers Technological pressures : Technological innovation and obsolescence, information overload Societal/political/legal pressures: Social responsibility, compliance with government regulations, protection against terrorist attacks, Ethical Issues, Green IT addresses some of its most pressing environmental concerns in three areas: Facilitates design and management, carbon management, canadian and international environmental laws Digital divide is the wide gap between those individuals who have access to information and communications technologies and those who do not Organizational responses is the response to these business pressures. These include: Strategic systems: providing more advantages that enable organizations to increase their market share and profits to better negotiate with suppliers and to prevent competitors Customer focus; make the difference between attracting and retaining customers versus the competition Make-to-order and mass customization: mass customization allows cheaper products E-business (Serving customers online) and E commerce (Buying, selling and transferring products, services or information for money) Competitive Advantage and Strategic Information Systems Competitive strategy is a statement that identifies a business approach to compete, its goals, and the plans and policies that will be required to carry out those goals. Strategic information systems provide a competitive advantage by helping an organization to implement its strategic goals and improve its performance and productivity (anything that helps achieve competitive advantage or reduce a competitive disadvantage) Micheal Porter’s Competitive Forces Model Can be used to develop strategies to increase their competitive edge by identifying 5 major forces that can enhance or threaten a company’s position in a given industry. THE FORCES: 1. Threat of new competitors: dependant on the barriers to entry 2. Buyer power: when buyers have many options, power is higher. Loyalty programs reduce buying power 3. Supplier power: with less suppliers come less cost saving options and negotiation choices, unifying the industry. 4. Threat of substitute products: higher switching costs reduces this threat 5. Rivalry among existing firms: more firms can cause higher rivalry Propriety IS are systems that are unique to a firm, which was a lot more common before competitors can now instantaneously see any improvements from competitors Porter's Value Chain Model Can be used to identify specific activities in which they can use competitive strategies (IT) for greatest impact. A value chain is a sequence of activities through which the organization's inputs are transformed into more valuable outputs. This model is separated into Primary activities (related to the production and distribution of the firm's products and services) and support activities (do not add direct value to the firm's products and services). Each support activity can be applied to any or all of the primary activities or support one another. A value system, or industry value chain emcompasses the value chain along with a larger stream of activities including providing the inputs necessary to the firm along with their value chains. Strategies for Competitive Advantage: 1. Cost leadership strategy: produce products and services at the lowest cost in the industry 2. Differentiation strategy: offer different products,services or product features than your competitors 3. Innovation strategy: introduce new products and services, add new features to existing products and services, or develop a way to produce them 4. Operational effectiveness strategy: improve the manner in which a firms executes its internal business processes so that it performs these activities more effectively than its rivals 5. Customer orientation strategy: concentrate on making customers happy. Web based systems are particularly effective with this. Business Information Technology Alignment The tight integration of the IT function with the organization's strategy, mission, and goals. Known as the best way for organizations to maximize their strategic value. 6 characteristics of excellent alignment 1. Organizations view IT as an engine of innovation that continually transforms the business, often creating new revenue streams 2. Organizations view their internal and external customers and their customer service function as supremely important 3. Organizations rotate business and IT professionals across departments and job functions 4. Organizations provide overarching goals that are completely clear to each IT and business employee 5. Organizations ensure that IT employees understand how the company makes or losses money 6. Organizations create a vibrant and inclusive company culture Failing reasons to achieve this type of close alignment: 1. Business managers and IT managers have different objectives 2. Business and IT departments are ignorant of other groups expertise 3. There is a lack of communication Two fundamental metrics that organizations employ in assessing their processes are effectiveness and efficiency. Effectiveness focuses on doing the things that matter; that is, creating outputs of value to the business process customer—for example, in a manufacturing business process, effectiveness would be measured as making high-quality products, or in a sales business process effectiveness could be measured as an employee meet- ing the monthly sales quota. Efficiency focuses on doing things without wasting resources; for example, progressing from one process activity to another without delay or without wasting money. Following our example, it would be to make products of higher quality with the same cost, or for an employee, it could mean meeting her sales quota in less time. In a nutshell, effec- tiveness is about getting things done, and efficiency is about getting more things done with the same or fewer resources. Chapter 5 - Data and Knowledge Management Entity-relationship Modeling - a tool that helps create a model of how users view a business activity Database decision are hard to change in relation to software and hardware Data warehouses help individuals Managing Data Data should be accurate, complete, timely, consistent, accessible, relevant, and concise. Problems to data management Amount of data increases exponentially with time Scattered throughout organizations, hard to keep track of Generated from multiple sources: internal sources( corporate databases, and company documents), and external sources (commercial databases, government reports). Clickstream data Subjected to Data rot - over time temperature humidity and exposure to light can cause physical problems with storage media Many companies are drowning in unstructured data Federal government regulates the proper protection and collection of data through bill 198 Data governance An approach to managing information across an entire organization. It involves a formal set of business processes and policies that are designed to ensure that data are handled in a certain, well-designed fashion. Master data: set of core data such as customer, product, employee, vendor, geographic location that span the enterprises information systems Transactional data: captured by the operational systems, describes the business activities or transactions The Database Approach Data file is a collection of logically related records Database systems minimize the following problems: 1. Data redundancy: the same data are stored in multiple locations 2. Data isolation: applications cannot access data associated with other applications 3. Data inconsistency: various copies of the data do not agree Database systems Maximize the following problems: 1. Data security: because data are put in one plast in databases, database systems 2. Data integrity - data meet certain constraints, thus reducing irrelevant data 3. Data independence - applications and data are independent of one another, that is applications and data are not linked to each other, so all applications are able to access the same data Data Hierarchy Bits - can only be binary, represents smallest unit Byte - group of 8 bits Field - logical grouping of characters into a word, images or other types of multimedia Record - logical grouping of related fields, such as a student record Data file/table- logical grouping of related records constituting a database The relational Database Model Database management system : a set of programs that provide users with tools to create and manage a database. Managing a database refers to the processes of adding, deleting, accessing, modifying, and analyzing data that are stored in a database.Can access data by using query. Composed of two-dimensional tables. A relational database generally is not one big table (flat file), however several interconnected tables (containing records, rows, and attributes, columns) Instance of an entity refers to each row in a relational table Attribute is each characteristic or quality of a particular entity. Ex. if an entity was a customer, an attribute would be their gender *every record in the database must contain at least one field that uniquely identifies that record so that it can be retrieved, called the primary key. Foreign key is a field in one table the uniquely identifies a row of another table Structured Data is highly organized Unstructured data refers to data that do not reside in a traditional relational database (Email messages, videos…) Big Data Collection of data that is so large and complex that it is difficult to manage using traditional database management systems. Diverse, high-volume, high-velocity information assets that require new forms of processing in order to enhance decision making, lead to insights, and optimize business processes Consists of: Traditional enterprise data (customer information, transactional enterprise resource planning data) Machine-generated/sensor data - smart meters, manufacturing sensors, sensors integrated into smartphones, automobiles…) Social data Images captured by billions of devices located throughout the world (security cameras…) Characteristics of big data: 1. Volume: large 2. Velocity: rate at which data flow is increasing, and significant to ensure rapid feedback loop between a company and its costumes 3. Variety: formats change more rapidly, satellite images... Big Data can come from untrusted sources Big data is dirty (inaccurate, incomplete, incorrect, duplicate or erroneous data Big Data Changes, Especially in Data streams Managing Big Data Massive parallel processing - coordinated processing of an application by multiple processors that work on different parts of the application Putting Big Data to Use: Objectives to employ Making big data available: help organizations gain value if data is available Enabling organizations to conduct experiments: Microsegmentation of customers: to ensure better analysis of data Creating new business models: Organizations cna analyze more data Data Warehouses and Data Marts Data warehouse - repository of historical data that are organized by subject to support decision markets within the organization Data mart - low cost, scaled down version of a data warehouse that is designed for the end-user needs in a strategic business unit Both data marts and warehouses must contain the following: Organized by business dimension or subject Use online analytical processing Integrated Time variant Nonvolatile Multidimensional The environments must include: 1. 2. 3. 4. 5. Source systems that provide data to the warehouse or mart Data-integration technology and processes that prepare the data for use Different architectures for storing data in an organizations data warehouse or marts Different tools and applications for a variety of users Meta data, data quality, and governance processes that ensure that the warehouse or mart meets it purpose Components of a Data Warehouse Source Systems - Can include enterprise resource planning systems (ERP), website data, third part data, and more. Data integration - the extraction, transformation and loading of data into the data mart. Often called ETL Storing the data - variety of architectures to store decision support data, with the most common being one central enterprise data warehouse, without data marts. Independent data marts store data for a single application or a few applications (marketing/finance) Hub and spoke architectures contain a central data warehouse that stores the data plus multiple dependent data marts that source their data Meta Data - data about data, very important in the data warehouse Data Quality - must meet the needs of the users Governance - to plan and control their BI activities Users - Can be broken up into information producers (create information for other users) and information consumers (use information created by others Knowledge Management Helps organizations manipulate important knowledge that makes up part of the organizations memory, usually in an unstructured format. For it to be successful, knowledge must be easily exchangeable between members and be able to grow. Knowledge is information in actions, that is contextual, relevant, and useful. Can be used to solve a problem, information can’t. Explicit versus tacit knowledge : Explicit is objective, rational and technical knowledge. Knowledge management systems Use of modern information technologies, internet…, to systematize, enhance, and expedite knowledge management both within one firm and among multiple firms. Challenges however are that employees must share their tacit knowledge and companies must be willing to invest the resources needed to carry out these operations. KMS cycle: 1. 2. 3. 4. 5. 6. Create knowledge Capture knowledge Refine knowledge Store knowledge Manage knowledge Disseminate knowledge Appendix 5.6 Query Languages Common performed database operation is searching for information. Structured Query language (SQL) is the most popular query language used for interacting with a database. Typical key words are Select, From, and Where. Another language is query by example : where the user fills out a grid or template (also known as a form) to construct a sample or a description of the data desired. Relationships between entities Unary Relationship - an associated is maintained with a single entity Binary Relationship - 2 entities are associated Ternary relationship - 3 entities Connectivity of Relationships One - One One - many Many - many (Many databases do not support this, so we use junction tables) Cardinarlity is the maximum number of times an instance of one entity can be associated with an instance in the related entity. Examples include: Circle means many, lines mean mandatory single Mandatory Single : Optional Single : Mandatory many : Optional Many : Normalization and Joins Normalization is a method for analyzing and reducing a relational database to its most streamlined form to ensure minimum redundancy and maximum data integrity by organizing attributes into tables and eliminating the non-key attributes. Functional dependencies are a means of expressing that the value of one particular attribute is associated with a specific single value of another attribute. Chapter 7 - E-Business and E-Commerce E Business is broader, it also refers to servicing customers, collaborating with business partners, and performing electronic transactions within an organization Degree of digitization is the extent to which commerce has been transformed from physical to digital Brick and mortar organizations are purely physical transactions Pure EC are transactions that are fully digital Click and mortar organizations conduct some e commerce activities, yet their primary business is carried out in the physical world E Commerce is the process of buying, selling, transferring, or exchanging products,services or information through computer networks. It increases organizations reaches (number of potential customers to whom the company can market its products) Removes barriers that previous entrepreneurs faced Seven types of ecommerce: 1. 2. 3. 4. 5. 6. Business to consumer electronic commerce (B2C) Business to business ecommerce (B2B) Consumer to consumer (C2C) Business to employee (B2E) - managing benefits and taking courses E-government Mobile Commerce (m-commerce: Commerce that is conducted entirely in a wireless environment) 7. Social commerce : delivery of electronic commerce and transactions through social computing 8. Conversational commerce (electronic use of messaging and chats) Business model is the method by which a company generates revenue to sustain itself Auction is a competitive buying and selling process Forward auctions are when sellers solicit bids from many potential buyers Reverse auctions are when one buyer wants to purchase a product or a service (RFQ bid) Electronic payment mechanisms enable buyers to pay for goods and services electronically Electronic cheques: primary used in B2B Electronic cards : E Credit cards, purchasing cards, stored value money cards, smart cards How ECredit Cards Work: 1. Once a purchase is complete, the credit card information and purchase amount are encrypted in your browser, ensuring a “safe” travel to the purchase location 2. When the information arrives at the seller, it is not revealed but transferred automatically to a clearing house, where it is decrypted for verification and authorization 3. The clearing house asks the bank that issued you your credit card to verify your information 4. Your card issuer bank verified your credit card and reports it to the clearing house 5. The clearning house reports the results of the verification of your credit card to seller 6. Amazon reports a successful purchase and amount to you 7. Your card issuer bank sends funds in the amount of the purchase to amazon's bank 8. Your card issuer bank notifies you of the debit on your credit card 9. Amazon bank notifies amazon of the funds credited to its account Purchasing Cards are primarily used in B2B, where the payments are due within the week instead of a month EMV smart cards are also called “Chip and Pin” and are mastercard, and visa, which contain a chip that can store a large amount of information Payment gateways are an application that authorizes payments for e-businesses, online retailers, bricks and clicks businesses (Paypal). Virtual equivalent of a physical point of sale terminal located in retail outlets Benefits and Limitations of ECommerce Benefits: More accessible national and international markets Lowers cost of processing, distributing and retrieving information. Customers benefit by being able to access a vast number of products and services Easy and convenient access to information and services Can reduce vendor selling costs by 20-40% Limitations: Lack of universally accepted security standards Telecommunications is not developed everywhere causing barriers to access EC can be perceived as nonsecure Business-TO-Consumer E Commerce B2B is much larger then B2C EC by volume, but B2C EC is more complex. Electronic retailing is the direct sale of products and services through electronic storefronts “The long tail” describes the retailing strategy of selling a large number of unique items in small quantities, think about amazon. Electronic storefront is a website that represents a single store, which has a unique URL (uniform resource locator) Electronic mall is a collection of individual shops grouped under a single internet address, Disintermediation is the process whereby intermediaries are eliminated due to technological advancements Middlemen (Intermediaires) have two purposes: 1. They provide information, 2. They perform valueadded services such as consulting Financial technology (FinTech): industry composed of companies that use technology to compete in the marketplace with traditional financial institutions. (Includes lending, trading and investing, personal finance funding, mobile banking, internet banking, and payments) Increasing Advertisements Impressions (Number of people view an ad): 1. Increase internet traffic 2. Place more, and more intrusive, ads on each webplaces 3. Try to sell natiev advertising: consists of ads that are disguised as content. Because they appear to be content, ad blockers cannot block them 4. Avoid the online ad problem 5. Find a non-advertising revenue source Types of Ad Blockers: Ad blocks that will stop almost every ad and tracker Ad blockers that are for-profit businesses Ad blockers that collect data Ad blockers that use the freemium model (free app with purchases to use it) Ad blocks that are a function of operating systems Issues in E-Tailing Channel conflict: ecommerce alienates the distributors (how much money to spend on advertising…) Showrooming : When customers visit a store to view a product, then uses the internet to conduct research and buys it from a competitor Order fulfillment: industry standards of 2-day, its a rush to fulfill small orders Personalized pricing: when a product is sold through multiple channels the price shouldn’t differ too much, however personalized pricing is pricing items at a point determined by a particular customers perceived ability to pay (through postal codes…) Business to business electronic commerce Sell-side marketplaces - organizations sell their products to another organization Buy Side marketplaces - a model in which the organizations attempt to procure needed product or services from other organizations electronically, streamlining the procurement process. Procurement is the overarching function that describes the activities and processes to acquire goods and services, such as market research and vendor evaluation. E procurement uses reverse auctions. Public exchanges - independently owned by a third party and connect many sellers with many buyers, open to all business organizations. Three types: 1. Vertical: connect buyers and sellers in a given industry. Primarily for goods suited for a particular community 2. Horizontal: connect buyers and sellers across many industries. Primarily used for MRO materials 3. Functional:needed services such as temporary help or extra office space are traded on a as needed basis. Ethical and Legal Issues in EBusiness Ethical Issues: 1. Privacy: most electronic payment systems know who the individual is 2. Job loss: eliminates the need for some of a company’s employees 3. Tracking: individuals can be tracked by cookies, which compile your entire tracking history Legal Issues: 1. Fraud on the internet (falsely spread information, or could be true by commissioned) 2. Domain names (sold and controlled by non-profits) 3. Cybersquatting (practice of registering or using a domain name for the purpose of profiting from the goodwill or trademark 4. Taxes and other fees (sales tac can be hard to track, should electronic seller pay licensing fees, gross receipts taxes…) 5. Copyright (sharing software when its copyrighted, movies…) Chapter 3 - Ethics and Privacy Ethics is the principles of right and wrong that individuals use to make choices that guide their behaviour. Five standards: 1. Utilitarian approach: states that an ethical action is the one that provides the most good or does the least harm 2. The rights approach: an ethical action is one that best protects and respects the moral rights of the affected parties (rights to make one's own choices, told the truth, not to be injured, and enjoy a degree of privacy) 3. The fairness approach: posits that ethical actions that treat all human beings equally 4. The common good approach: highlights the interlocking relationships that underlie all societies. (respect and compassion for all others is the basis for ethical actions) 5. The deontology approach: states that the morality of an action is based on whether that action itself is right or wrong under a series of rules, rather than based on the consequences of that action. (Ex. killing someone is wrong, even if it was self defense) A code of ethics is a collection of principles intended to guide decision making by members of the organization. Fundamental tenets of ethics include: 1. Responsibility: means that you accept the consequences of your decisions and actions 2. Accountability: refers to determining who is responsible for actions that were taken 3. Liability: legal concept that gives individuals the right to recover the damages done to them by other individuals What is unethical might not always be illegal Traditional versus GVV (Giving voice to values) Approaches to resolving ethical issues Four general categories of ethics and IT 1. Privacy issues - collecting, storing, and disseminating information about individuals 2. Accuracy issues - the authenticity, fidelity, and correctness of information that is collected and processed 3. Property issues: the ownership and value of information 4. Accessibility issues: revolve around who should have access to information and whether they should pay a fee for this access. Privacy Privacy is the right to be left alone and to be free of unreasonable personal intrusions. Information privacy is the right to determine when, and to what extent, information about you can be gathered or communicated to others Courts follow two rules closely: 1. The right of privacy is not absolute. Privacy must be balanced against the needs of society 2. The public’s right to know supersedes the individual's right of privacy Digital dossier is an electronic profile of someones data and their habits. The formation of this dossier is called profiling. Electronic surveillance is rapidly increasing, conducted by employers, the government , and other institutions. (Facial recognition, increase in processing capability (by 13,000 percent) Personal concerns for personal information in databases: 1. 2. 3. 4. 5. 6. 7. 8. Do you know where the records are Are they accurate Can you change inaccurate data How long will it take to make a change Under what circumstances will the data be released To whom are they sold to How are the data used How secure are the data against access by unauthorized people Privacy policies and privacy codes are an organization's guidelines for protecting the privacy of its customers, clients, and employees The opts out model of informed consent permits the company to collect personal information until the customer specifically requests that the data not be collected Privacy advocates prefer opt-in model Canada’s privacy minister systems that consent should be sought, which is the opt-in model. Anti-spam regulation = bill C-28, companies must use opt-in model for sending promotions Platform for privacy preferences (P3P) was developed by the world wide web consortium to automatically communicate privacy policies between electronic commerce websites and visitors to that site. Canada's privacy legislation is called the personal information protection and electronic documents act (PIPEDA), effective January 1 2004 International Aspects of Privacy The EU and Canadian data privacy laws are stricter than those in the US, causing problems for US based multinational corporations which could face privacy violations lawsuits THE GPDR (General data protection regulation) is the world's strongest data protection laws, in effect in the EU. It covers both personal and sensitive personal data, and applies to both the data controllers an the data processors. A natural person is a living human being and a data subject is defined as a human being whose data an organization has or processes. The rights of the GPDR are: The right to know what organizations are doing with their data. The right to ask, at any time, for copies of all the data that organizations have about them. The right to know an organization’s justification why it has their data and how long it is planning to keep them. The right to have their data corrected, if needed. The right to have their data deleted. This provision is called the “right to be forgotten.” Companies can be fined if they do not correctly process an individual's data, experience a security breach and are required to have, but do not have, a data protection officer. Chapter 4 - Information Security and Controls Security can be defined as the degree of protection against criminal activity, danger, damage or loss Information security refers to all the processes and policies designed to protect an organizations informatin and IS. A threat to an information resource is any danger to which a system may be exposed The exposure of an information resource is the harm, loss, or damage that can result is a threat is compromised 5 key factors increase vulnerability of organizational resources: 1. Today’s interconnected, interdependent, wirelessly networked business enviornment 2. Smaller, faster, inexpensive computers and storage devices (make it easier to steal or lose devices) 3. Decreasing skills necessary to be a computer hacker 4. International organized crime taking over cybercrime 5. Lack of management support Two major threat categories: Unintentional and deliberate. Unintentional threats to information systems The higher level of employee the higher the threat level Employees in human resources and IT pose higher threats Also, janitors, contractors, consultants…. As they have access to the information Social Engineering: an attack in which the perpetrator uses social skills to trick or manipulate legitimate employees into providing confidential company information such as passwords (Such as impersonation…) Deliberate Threats to Information Systems Examples include: 1. Espionage or trespass 2. Information extortion: The perpetrator threatens to steal or actually steals information and then demands payment 3. Sabotage or vandalism: defacing an organization's website as a threat 4. Theft of equipment or information: Dumpster divers are individuals who rummage through corporations trash to find information 5. Identity theft 6. Compromises to intellectual property 7. Software attacks - use of malware to infect computers 8. Alien software 9. Supervisory control and data acquisition (SCADA) attacks 10. Cyberterrorism and cyberwarfare Intellectual property is anything protected under trade secret, patent and copyright laws. Ransomware attacks are attacks that block access to a computer system or encrypt an organization's data until the organization pays a sum of money. Most common method of attack is spear phishing, where employees/individuals open up the emails which will lock their devices Alien software is clandestine software that is installed on your computer through duplicitous methods, not as malicious as viruses or worms, but it uses up valuable system resources and allows data tracking. Vast majotiy is Adware: software that causes pop up advertisements to appear on your screen Spyware collects personal informatouon without their consent, nicludes keystroke loggers and screen scrapers. Supervisory Control and data Acquisition (SCADA) Attacks SCADA refers to a large scale distributed measurement and control system, providing a link between physical and electronic world. What are organizations doing to protect information resources Risk management is to identify, control and minimize the impact of threats. It consists of three steps: Risk analysis, risk mitigation, and controls evaluation. 1. Risk analysis involves three steps: 1. Assessing the value of each asset being protected 2. Estimating the probability of compromisation 3. Comparing the probability to the cost of being compromises 2. Risk Mitigation is the organization's actions to conquer threats. It has two functions: 1. Implementing controls to prevent identified threats from occurring 2. Developing a means of recovery if threats become a reality Risk mitigation strategies include: a. b. c. Risk acceptance Risk limitation Risk transference (purchasing insurance) 3. Controls evaluation, organization identifies security deficiencies and calculates the costs of implementation . Information Security Controls The purpose of controls is to safe guard assets. THe control environment encompasses management attitudes towards controls General controls apply to more then one functional area Application controls are specific to one field (Payroll) Three categories of general controls: 1. Physical controls (such as walls, doors, fencing, gates…) 2. Access controls restrict the use of information resources (can be physical or logical such as software.) a. Involve two major funcitons: Authentication and authorization: Authentication confirms the identity of the persona requiring access, authorization determines which actions, rights or privileges the person has b. Authenticatoin: can be used by one or more of the following methods i. Something the user is: biometrics: examines the innate physical characteristics. Can be active, where the user must be present, or passive, where the user does not have to be present such as voice activation ii. Something the user has : regular identification such as smart id cards, tokens… Regular id cards typically have the persons photo, but smart ones have a chip inside iii. Something the user does includes voice and signature recognition iv. Something the user knows includes passwords and passphrases. Passwords are known as a double fail as they are easily forgotten and easily hacked 3. Communications controls (secure the movement of data across networks, such as firewalls, antimalware systems, white listing and encryption) . Firewalls: prevents movement of information between untrusted networks a. Anti-malware systems : attempt to identify and eliminate viruses and worms b. Whitelisting : process in which a company identifies a software that it will allow to run on its computers c. Blacklisting allows everything to run unless its on the blacklist d. Encryption: Organizations that do not have a secure channel for sending information sue encryption to stop unauthorized eaves eavesdroppers. Public key versus private key encryption, asymmetric encryption e. Virtual private networking (VPN) is a private network that uses a public network to connect users. They have no separate physical existence. Uses a process called tunnelling f. Transport layer security: formally called secure socket layer, is an encryption standard used for secure transactions such as credit card processes g. Employee monitoring systems: scrutinize their employees computers and activities h. Application controls: protect specific applications in functional areas Business continuity plan, or disaster recovery plan is a chain of events linking planning to protection and to recovery. Information System Auditing: an examination of IS, can also be on their efficiency and effectiveness *** Read more about this on page 120, im bored and tired Technology Guide (pg 440): Cloud Computing Cloud computing is a type of computing that delivers convenient on demand pay as you go, access for multiple customers to a shared pool of configurable computing resources that can be rapidly and easily accessed over the internet. Stages of development of IT infrastructure since the 1950’s: 1. Stand-alone mainframes : organizations initially used mainframe computers in their engineering and accounting departments. 2. Mainframe and dumb terminals : forcing users to go whereever the mainframe was located was time consuming, so as a result, firms began placing so called dumb terminals, essentailly electronic type writers with limited processing power, enabling users to input computer programs into the mainframe from their departments (Called remote job entry) 3. Standalone personal computers (late 1970’s): the first personal computers appeared, users began bringing personal computers to the workplace to improve their productivity 4. Local area networks: When personal computers are networked, individual productivity increases. For this reason, organizations began to connect personal computers to local area networks and connect the LANS to the mainframe, introducing the processing system called client/server computing. 5. Enterprise computing (Early 1990’s): organizations use networking standards to integrate different kinds of networks throughout the firm. After the internet became widespread after 1995, organizations began using the TCP.IP networking protocol to integrate different types of networks 6. Cloud computing and mobile computing: Today, organizations and individuals can use the power of cloud computing to share a pool of resources. Traditional IT departments use on premise computing, where their own IT infrastructure were in their data centres. This prevented any developments of IT Infrastructure as they were required to manage it instead of developing enhancing growth projects. Important characteristics of cloud computing: Cloud computing provides on demand self service - a customer can access needed computing resources automatically, giving customers elasticity and flexibility Cloud computing encompasses the characteristics of grid computing - grid computing pools various hard and software components to create a single IT environment with shared resources. It enables the organizations to use their computing resources more efficiently It provides fault tolerance and redundancy, meaning that there is no single point of failure Grid computing makes it easy to scale up, that is, to access increased computing resources Makes it easy to scale down if extensive processing is not needed. Cloud computing encompasses the characteristics of utility computing - utility computing is where a service provider makes computing resources and infrastructure management available to a customer as needed. The provider then charges the customer for its specific usage rather than a flat rate. Cloud computing uses broad network access - the cloud providers computing resources are available over a network, accessed with a web browser and they are configured so that they can be used with any computing device Cloud computing pools computing resources - the providers computing resources are available to serve multiple customers. These resources are dynamically assigned and reassigned according to customer demand Cloud computing often occurs on virtualized servers - cloud computing providers have placed hundreds or thousands of networked servers inside massive data centres called server farms. Server virtualization uses a software based partition to create multiple virtual servers called virtual machines. Different Types of Clouds Three major types: Public Cloud : Shared, easily accessible, multi customer IT infrastructures that are available non exclusively to any entity in the general public. Vendors supply applications, storage, and other computing resources as services over the internet. Private clouds: IT infrastructures that can be accessed only by a single entity or by an exclusive group of related entities that share the same purpose and requirements. Hybrid Clouds are composed of public and private clouds that remained unique entities but are nevertheless tightly integrated. Can deliver services based on security requirements, the mission critical nature of the applications, and other company established policies Vertical Clouds : close infrastructure and applications for different businesses . Cloud computing services are based on three models: 1. Infrastructure as a service (IaaS) : cloud computing providers offer remotely accessible servers, networks, and storage capacity. They supply these resources on demand from their large resource pools which are located in their data centres. IaaS Customers are often technology companies with IT expertise. Example, Shopify 2. Platform as a service (PaaS) : customers rent servers, operating systems, storage, a database, software development technologies and network capacities over the internet. The PaaS allows the customer to both run existing applications to develop and test new applications. Offers several advantages such as: a. Application developers can develop and run their software without the complexity of buying and managing the underlying hardware and software layers b. Underlying computing and storage resources automatically scale to match application demand c. Operating system features can be upgraded frequently d. Geographically distributed development teams can work together on software development projects. e. PaaS services can be provided by diverse sources located throughout the world. Examples include airbnb, uber... 3. Software as a service (Saas): cloud computing vendors provide software that is specific to their customers requirements. SaaS is the most widely used service model, and it provides a broad range of applications. SaaS providers typically charge their customers a monthly or yearly subscription. It resides in the cloud instead of on the infrastructure. Easy ability to scale. The benefits of cloud computing Cloud computing has a positive impact on employees : Provides employees with access to all the information they need no matter where they are, what device they are using or with whom they are working Cloud computing can save money : reduces the need to purchase hardware, build and install software, and pay software licensing fees Cloud computing can improve organizational flexibility and competitiveness: allows organizations to use only the amount of computing resources they need at a given time. Therefore, companies can efficiently scale their operation up or down as needed to meet rapidly changing business conditions Concerns and Risks Legacy IT systems : legacy spaghetti refers to the accumulated diversity of hardware, operating systems and applications Reliability : many skeptics content that cloud computing in not as reliable as well managed on premise it infrastructure Privacy: poses a major threat to privacy because the providers control, and thus lawfully or unlawfully monitor the data and communication Security : how secure the cloud services are The regulatory and legal environment: Many legal and regulatory include data access and transport Criminal use of cloud computing : attractive target for data thieves Web services and service oriented architecture: Web Services are applications delivered over the internet that MIS professionals can select and combine through almost any device. Permits data to be shared amongst services. They can be employed in various environments. The collection of web services that are used to build a firm's IT applications constitutes a service-oriented architecture Extensible markup language is a computer language that makes it easier to exchange data among flexible markup language (Easier than hypertext markup language (HTML)) Universal Description, discovery, and integration (UDDI) allows MIS professionals to search for needed web services by creating public or private searchable directors of these services I didn’t read this page because holy crap it's boring. Chapter 10: Information Systems within the organization Transaction Processing Systems A transaction is a business event that generates data worthy of being captured and stored in a database (a person hired, a service sold, a payroll cheque…) A TPS supports the monitoring, collection, storage and processing of data from the organizations basic business transactions. Collects data in real time, and provides input data for corporate databases. Key to success as it supports core operations Complexities of TPS: When more than one person or application program can access it, the database must be protected from overlapping updates All systems that are included (such as atm to data warehouse) must be independently working but synchronized It must be possible to reverse a transaction in its entirety Important to preserve an audit trail Two ways in which the system processes data: 1. Batch processing: Firm collects data as they occur, placing them in groups or batches which are prepared periodically 2. Online processing: (OLTP) : business transactions are processed online as soon as they occur. Function Area Information Systems Supports a particular functional area in the organization by increasing each areas internal efficiency and effectiveness (Accounting IS, Finance IS…) Information systems for accounting and finance: Primary mission: to manage money flows into, within, and out of organizations Financial planning and budgeting Financial and economic forecasting: availability and cost of money Budgeting : an essential component of the accounting and finance function is the annual budget Managing financial transactions Global stock exchange (open 24/7/365) Managing multiple currencies : can convert within seconds Virtual close: can close the books any time, instantaneously Expense management automation : systems that automate the data entry processing of travel and expenses Investment management : can easily analyze the large volume of global investments, as well as interpret financial data more easily Control and Auditing: Budgetary control: after an organization has finalized its annual budget, it divides those monies into monthly allocations Internal auditing: these internal auditors can evaluate the controls at the organization and evaluate the organization's risk assessment and governance processes Financial ratio analysis: monitor the company’s financial health by assessing a set of financial ratios Information Systems for Marketing: can better adapt and understand customers needs and wants Information systems for production/operations management : Primary responsibility: to transforms inputs into useful outputs as well as for the overall operation of the business In-house logistics and materials management: deals with ordering, purchasing, inbound logistics (receiving) and outbound logistics (shipping) Inventory management : to help ease the complex decision of when to order and how much Quality Control : Planning, production and operations: Computer Integrated Manufacturing: THree basic goals To simplify all manufacturing technologies and techniques To automate as many of the manufacturing processes as possible To integrate and coordinate all aspects of design, manufacturing, and related functions through computer systems Product life cycle management Information systems for human resource management Recruitment : automated, use of linkedin Human resources development: Human resources planning and management : Payroll and employees records Benefits administration Employee relationship management (call centre…) Reports All information systems produce reports. THey are very closely related to FAIS and ERP systems Fall into three categories 1. Routine Produced at scheduled intervals, monthly, quarterly... 2. Ad Hoc (on-demand) . Out of the routine reports, (“I need the report today, for the last three days, not for one week”). Can include: i. Drill down reports: Greater level of detail, focusing on a specific aspect such as a store… ii. Key indicator reports : summarize the performance of critical activities iii. Comparative reports : compare for example, the performances of different business units or of a single unit during different times 3. Exception . Include only information that falls outside certain threshold standards (“get me the report for all the salesperson who fell below the minimal sales mark)” a. Enterprise Resource Planning Systems ERP systems resolve the problem of information silos by tightly integrating the functional area IS through a common database. Original design ed to facilitate business processes associated with manufacturing. Did not extend to other functional areas. ERP 2 Systems : evolves to include administrative, sales, marketing, and HR. THe various functions of ERP 2 systems are now delivered as E-Business Suites. Include a variety of modules that are divided into core ERP modules (Financial management, operations management, supply chain management, and BI. If a system does not have the core ERP modules, then it is not a legitimate ERP system. Core ERP Modules FInancial Management Operations Management Human Resource Management Extended ERP Modules Customer relationships management Supply chain management Business Analytics E-Business Benefits and Limitations of ERP systems Benefits Organizational flexibility and agility : more adaptive as data is communicated across functional areas Decision support: ERP systems provide essential information on Busienss performance Quality and efficiency Limitations Business processes in the ERP are predefined by the best practices that the ERP vendor has developed. Can be extremely complex, expensive and time consuming to implement Major causes of ERP implementation failure include: Failure to involve affected employees in planning and development stages Trying to accomplish too much too fast Insufficient training in the new work tasks Failure to perform proper data conversion and testing for the new systems Implementing ERP Systems Can implement using either on premise ERP or software as a service On premise ERP Implementation: three strategic approaches to implementing The vanilla approach: a company implements a standard erp package, using the packages built in configuration options The custom approach: a company implements a more customized erp system by developing new erp functions designs specifically for that firm The best of breed approach: combines above mentioned systems while avoiding extensive costs and risks associated with complete customization. Companies mix and match core erp modules as well as other extended erp modules from different software providers Software as a service ERP implementation: subscription based, companies do no thave to buy software. Can be a perfect fit for companies that cannot afford large investments. Three major advantages to Cloud ERP systems: System can be used from any location Companies can use ERP to avoid the initial hardware and software expenses that are typical of on premise implementations Cloud based erp solutions are scalable, meaning it is possible to extend erp support to new business processes and partners Disadvantages: It is not clear if cloud based erp systems are more secure then on premise systems Companies that adopt cloud based erp systems sacrifice their control over a strategic IT resource A third disadvantage is a direct consequence of the lack of control over IT resources Enterprise Application Integration - integrates existing systems by providing software, called middleware, that connects applications offering a cheaper and safer alternative for businesses ERP support for business processes Cross-departmental process is one that 1. Originates in one department and ends in a different department, or 2. Involves other departments but originates and ends in the same one. Ex. Procurement process, fulfillment process, production process Interorganizational Processes: ERP with SCM and CRM Interorganizational processes: originate in one company and end in another. Typically involve supply chain management and customer relationships management systems. ERP SCM can place automatic requests to buy fresh perishable products from suppliers in real time ERP CPM can benefit businesses by generating, forecasting, and analyzing of the product consumption based on critical variables Chapter 11: Information Systems within the organization Supply chain management enables 1. Improved customer service and 2. Reduced operating costs CRM approach of individualized customer experience and marketing is called customer intimacy Customer relationship management (CRM) is a customer focused and customer driven organizational strategy. Process of CRM: 1. Begins with marketing efforts, where organizations solicit prospects from a target population 2. Prospects then become customers, and hopefully repeat customers. Organizations overall goal is to maximize the lifetime value of a customer, which is that the customers potential revenue stream over a number of years a. time Customer churn: the number of customers lost over CRM fundamentally simple concept: treat customers differently because their needs differ and their value to the company may also differ. 1% increase in customer satisfaction can lead to as much as a 300% increase in a company’s market capitalization. CRM systems are information systems designed to support an organization's CRM strategy. On the spectrum, low CRM systems are meant for those with many small customers (Amazon) and high CRM systems are those for a few large customers (Bently Motors). All Successful CRM policies follow two points: 1. The company must identify the many types of customer touch points a. All the numerous and diverse interactions they have with customers (phone calling, social media, POS) b. Omnimarekting : marketing that makes use of all of the channels (bricks and mortar, online, social media…) 2. It needs to consolidate data about each customer . Before, all information was listed in silos, inaccessible to each department and not connected. a. With the use of data warehouse now, the complete data set, known as a 360 degree view of the customer, can be had, and companies can one make their operations more profitable and productive b. Collaborative CRM systems provide effective and efficient interactive communication with the customer throughout the entire organization c. Most recent push for consolidated data is called customer identity management, and is when businesses understand their customers and can track how their relationships have changed over time. There are two major components of an organizations CRM systems: operation CRM systems and analytical CRM systems. Operational CRM systems Support front office business processes, which are those that directly interact with customers (Sales, marketing and service). Two major components: customer facing applications and customer touching applications. Benefits of Operational CRM: Efficient, personalized marketing, sales and service 360 degree view of each customer Ability of sales and service employees to access a complete history of customer interaction with the organization, regardless of touch point. It can help achieve these objectives: Improve sales and account management Form individualized relationships with customers, with the aim of improving customer satisfaction Identify the most profitable customers Provide employees with the information and processes necessary to know their customers Understand and identify customers needs and efficiently build relationships among the company Customer Facing Applications In these applications, an organization's sales, field service, and customer interaction centre interact directly with customers. These applications include: Customer service and support: customer service and support refers to systems that automate service requests, complaints, product returns. ORganizations have implemented customer interaction centers (CIC), where organization representatives use multiple channels such as the web, telephone, fax and face-to-face interactions to communicate. One of the best known CIC is call centres. Salesforce Automation: component of an operational CRM system that automatically records all of the components in a sales transaction process. It includes contact management systems (Tracks communication between customer and sales rep, the purpose and any necessary follow up), also sales lead tracking system, which lists potential clients for sales people. Other elements that it can include is a sales forecasting system, and product knowledge system (comprehensive source of information regarding products and services) Marketing: customer facing applications enable marketers to identify and target their best customers, to manage marketing campaigns, and to generate quality leads for the sales team. Cross selling: marketing of additionally related products to customers based on previous purchase. Very successful for banks Upselling: strategy in which the salesperson provides customers with the opportunity to purchase related products or services of greater value in place of, or along with, the customers initial product or service selection Bundling: form of cross selling in which a business sells a group of products or services together at a lower price than their combined individual prices Campaign management: help organizations plan campaigns that send the right messages to the right people Customer Touching Applications Applications that enable customers to indirectly communicate with the company, where consumers interact with the applications themselves. The major ones include: Search and comparison capabilities (many online stores/independent stores offer this ability, think about apple) Technical and other information and services (many organizations offer personalized experiences to induce customers to make purchases or to remain loyal Customized products and services (another customer touching service that many online vendors use is mass customization Personalized web pages FAWs Email and automated response Loyalty programs (not to reward pas behaviour but influence future behaviour) Analytical CRM systems Used by the operational CRM systems to mine the data and learn about customer behavior. THey provide business intelligence by analyzing customer behaviour and perceptions. Important technologies for analytical CRM systems include Data warehouses, data mining, decision support, and other business intelligence technologies. It analyzes customer data for a variety of purposes, including: Designing and executing targeted marketing campaigns Increasing customer acquisition, cross selling and upselling Providing input into decisions relating to products and services Providing financial forecasting and customer profitability analysis Other Types of customer relationship management systems On demand CRM systems: CRM systems can be implemented as either on-premise or on-demand. Traditionally, organizations used on-premise, meaning that they purchase the systems from a vendor. On-demand CRM systems is one that is hosted by an external vendor in the vendors data centre. This arrangement spares the organization the costs associated with purchasing the system. The organization's employees also need to know how to asses to and use it. The concept of on demand is also known as utility computing or software as a service. Sales force is the best known on demand CRM vendor. Companies can rent CRM instead of buying it Mobile CRM systems : interactive systems that enables an organization to conduct communications related to sales, marketing, and customer service. Open source CRM systems: are CRM systems whose source code is available to developers and users, may be implemented either on premise or on demand. Benefits include favourable priving, and a wide variety of applications. Easily customizable Social CRM: the use of social media technology and services toe nable organizations to engage their customers in a collaborative conversation in order to provide mutually beneficial value in a trusted and transparent manner. Realtime CRM: relatime customer relationship management to provide a superior level of customer satisfaction for todays always-on, always-connected, more knowledgeable and less loyal customers. Supply Chains Modern organizations are increasingly concentrating on their core competencies and on becoming more flexible and agile. TO accomplish these objectives, they rely on other companies rather than on companies they themselves own. This concept has lead to supply chains: the flow of materials, information, money, and services from raw material suppliers, through factories and warehouses, to the end customers. It also includes the organizations and processes that create and deliver products, information, and services to the end customers. Supply chains enable trust and collaboration among supply chain partners, thus improving the supply chain visibility and inventory velocity. Supply chain visibility refers to teh ability of all organizations within a supply chain to access or view relevant data on purchased materials as these materials move through their supplies production processes and transportation. Inventory velocity: the time it takes for a company to deliver products and services after receiving the materials required to make them. The structure and components of supply chains Involves three segments: 1. upstream: where sourcing or procurement from external supplies occur. Supply chain managers select suppliers to deliver goods and services the company needs. They develop the pricing, delivery and payment processes between the company and its suppliers. 2. Internal: where packaging, assembly, or manufacturing takes place. Where supply chain managers schedule the activities necessary for production, testing, packaging, and preparing goods for delivery. 3. Downstream, where distribution takes place, frequently by external distributors. Supply chain managers coordinate the receipt of orders from customers, develop a network of warehouses, select carriers to deliver products to customers and implement invoicing systems to receive payments. Bidirectional flow of goods and information is when it flows from suppliers to customer and back (returns, called a reverse flow) Tiers of suppliers: many different organizations work together, for example, rubber and metal distributors for The flows in the supply chain: there are typically three flows in the supply chain: material (product life cycle), information, and financial. TO manage all of them, we use Supply Chain Management Supply Chain Management To improve the processes a company uses to acquire the raw materials it needs to produce a product or service. 5 basic components: 1. Plan: Planning is the strategic component of SCM. Orgnizations must have a strategy for managing all the resources that are involved in meeting customer demand for their products or service. 2. Source: sourcing component, organizations choose suppliers to deliver the goods and services they need to create their product or service.(developing pricing, delivery, payment processes with suppliers. Creating metrics to monitor and improve relationships) 3. Make: Manufacturing component. Testing, packaging, preparation. Most metric intensive part of the supply chain 4. Deliver: component is often referred to as logistics. Organizations coordinate the receipt of customer orders, develop a network of warehouses 5. Return: supply chain managers must create a responsible and flexible network for receiving defective or return products. Use of IS to reduce the problems or friction along the supply chain. Friction can increase time, costs, and inventories, making the organiztion more profitable and competitive. SCM systems are a type of interorgnizational information systems. In an IOS, informaiton flows among two or more organizations. Push Model: known as make to stock, the production process begins with a forecast of what will be sold, and then will make push the goods to the customers. Pull model: using web enabled information flows, also known as make to order, where the production process begins with a customer order. Problems along the supply chain: Arise mainly from: 1. 2. Uncertainty Need to coordinate multiple activities, internal units, and business partners. Poor customer service from direction within Bull whpki effect refers to erractic shifts in orders up and down the supply chain Solutions to supply chain problems: 1. Vertical integration: buying the upstream suppliers to ensure the company has its full attention and devotion 2. Using inventories to solve supply chain problems (Building inventories as insurance against uncertaintys) a. Just in time inventory systems deliver the precise number of parts, called workin process inventories 3. Information sharing : along the supply chain, Information Technology Support for Supply Chain Management Three technologies in particle provide support for IOSs and SCM systems: 1. Electronic data interchange (EDI): a communication standard that enables business partners to exchange routine documents. However, it can cause business to be restructured to fit their requirements, or be inflexible in their operations 2. Extranets: links for business partners over the internet by providing them access to certain areas of each others corporate intranets. Primary goal is to foster collaboration between and among business partners. They use VPNS to better and more securely communicate over the internet a. A company and ites dealers, customers, or supplies: entranet centered over a single company (FEDEX) b. Industry extranet: where all companies can set one up together to benefit them all. Provides a secure global medium for B2B exchange c. Joint ventures and other business partners: partners use extranet as a vehicle for communication and collaboration 3. Portals and exchanges : offers point of access through a web browser to critical business information. Would enable companies and suppliers to share information and collaborate very closely . Procurement portals : automate the business processes involved in purchasing and procurement a. Distribution portals: automate the business processes involved in selling or distributing products from a single supplier to multiple buyers Chapter 12:Business Analytics Business analytics is the process of developing actionable decisions or recommendations for actions based on insights generated from historical data Business intelligence has been defined as a broad category of applications, technologies and processes for gathering, storing, accessing and analyzing data to help business users make better decision Management is a process by which an organization achieves its goals through the use of resources Organization productivity = the ratio of inputs (resources) to outputs (achievement of goals) Three roles of managers: 1. Interpersonal rules: figurehead, leader, liaison 2. Informational roles: monitor, disseminator, spokesperson, analyzer 3. Decisional roles: entrepreneur, disturbance handler, resource allocator, negotiator Problem Structure The first dimension is problem structure, in which decision making processes fall along a continuum ranging from highly structured to highly unstructured. Structure decisions deal with routine and repetitive problems. These decisions are candidates for decision automation Unstructured decisions: intended to deal with “Fuzzy” complex problems for which there are no cut and dried solutions. Human intuition and judgment often play an important role, Semistructured decisions : evaluating employees, trading bonds, performing capital acquisition Nature of Decisions 1. Operational control: executing specific tasks efficiently and effectively 2. Management control: acquiring and using resources efficiently in accomplishing organizational goals 3. Strategic planning: the long-range goals and policies for growth and resource allocation Different applications and practices of BA: Development of one or a few related analytics applications : target is often a point solution for a departmental need Development of infrastructure to support enterprise wide analytics: supports both current and future analytic needs Support for organizational transformation: a company uses business analytics to fundamentally transform the ways it competes in the marketplace The Business Analytics Process 1. Identification of pain points by practicing managers Technologies that underlie the entire process: Microprocessors: becoming increasingly powerful (specifically Graphic processing units GPUs are essential to neural networks, another underlying technology) Data management: organization must have data, and be able to extract it or essentially clean the 2. data. 3. Analyze data: a. Descriptive analytics: what has happened in the past and enables decision makers to learn from past behaviours. Tools include online analytical processing, data mining, decision support systems and a variety of statistical procedures. i. Online analytical processing: involves slicing and dicing and rolling up the data to greater summarization. ii. Data mining: searching for valuable business information in a large database, data warehouse or data mart. It identifies previously unknown patterns (descriptive analytics) and predicts trends and behaviors (predictive analytics). Affinity analysis is a data mining application that discovers co occurrence relationships among activities performed by specific individuals or groups iii. Decision support systems (DDS) combine models and data to analyze semi structured problems and some unstructured problems that involve extensive user involvement. It can involve sensitivity analysis, what-if analysis, goal seeking analysis. b. Predictive analytics: examines recent and historical data to detect patterns and predict future outcomes and trends. It provides estimates about the likelihood of a future outcome. Tools include Data mining. Unintended consequences of predictive analytics include: . Misuse of data c. Prescriptive analytics: recommends one or more courses of action and by identifying the likely outcome of each decision. It requires predictive analytics with two additional components; actionable data and a feedback system that tracks the outcome produced by the action taken. 4. Presentation tools: all analytics produce results, which must be communicated to decision makers in the organization. Data visualization is the act of making the results more attractive and easier to understand. Dashboards are the most common BA tool presentation. . Dashboards common capabilities: drill down, critical success factors, key performance indicators, status access, trend analysis, exception reporting. a. Geographic information systems: computer based system for capturing, integrating, manipulating and displaying data using digitized maps 5. Asking the next question, where decision makers must be ready to ask it. Ba Tools: Excel, multidimensional analysis, data mining, decision support systems. Data reduction is the conversion of raw data into a smaller amount of more useful information Chapter 13: Acquiring Information Systems and Applications It Planning Begins with an analysis of the organizational strategic plan (which identifies the firm's overall mission, the goals that follow from that mission and the broad steps required to reach these goals) The IT architecture delineates the way an organization should utilize its information resources to accomplish its mission. The IT strategic plan must meet three objectives: 1. It must be aligned with the organization's strategic plan 2. It must provide for an IT architecture that seamlessly networks users, applications and databases 3. It must efficiently allocate IS development resources among competing projects so that the projects can be completed on time and within budget and still have the required functionality. The existing IT architecture is a necessary input into the IT strategic plan because it acts as a constraint on future development efforts After a company has agreed on an IT strategic plan, it next develops the IS operational plan It contains the following elements: Mission IS environment Objectives of the IS function Constraints on the IS function The application portfolio (prioritized inventory of present applications and a detailed plan of projects to be developed or continued during the current year) Resource allocation and project management Evaluating and justifying IT investment: benefits, costs and issues Cost benefit analysis Its troubling to determine costs And then to assess the value of the benefits Strategies for conducting cost-benefit analysis: 1. Net present value (to convert original cost of funds to the benefits) 2. Return on investments (ROI) measures the management's effectiveness in generating profits with its available assets 3. Break Even analysis 4. In the business case approach, where the system developers write a case which justifies the funding. Strategies for Acquiring IT applications Fundamental decision are: How much computer code does the company want to write How will the company pay for the application Where will the application run Where will the application originate Acquisition Methods: Purchase a pre written application (cost effective and time saving) Customize a pre written application (may not be attractive is customization is the only method of providing the necessary flexibility to address the company’s needs) Lease the application (might not fit exactly, however saves money and time) (if it covers 80% of needs, the company should consider changing the 20% of business processes to match it). Can be used to test applications, or more attractive to SME enterprises. Use application service providers and software as a service vendor (ASP are agents or vendors that assemble the software needed by enterprises and then packages it with services such as development, operations, and maintenance. SaaS is a method of delivering software in which a vendor hosts the applications and provides them as a service to customers over a network.) Use open source software ( organizations obtain a licence to implement software and use it or customize it) Use outsourcing (acquiring applications from outside contractors or external organizations) Employ continuous development (continuous application development automates and improves the process of software delivery, constantly changing in response to changing business conditions and in response to user acceptance.) Employ custom development (in house or outsource it) Traditional Systems Development Life Cycle (SDLC) Traditional systems development method that organizations use for large scale IT projects. Six processes with clearly defined is: 1. Systems investigation : the more time they invest in understanding the problem, the less problems that arise throughout the development. Systems investigations addresses the business problem by means of the feasibility study, which is explained below: a. Technical feasibility determines whether the company can develop or otherwise acquire the hardware, software and communications components needed to solve the business problem b. Economic feasibility determines whether the project is acceptable financial risk and if so, whether the organization has the necessary time and money to complete the project c. Behavioural feasibility addresses the human issues of the systems development project 2. Systems analysis: process whereby system analysts examine the business problem that the organization plans to solve with an information system. The deliverable is a set of system requirements 3. Systems design: describes how the system will resolve the business problem. The deliverable is a set of technical system specifications, which specify the following . System outputs, inputs, calculations, or processing and user interfaces a. Hardware, software, databases, telecommunications, personnel, and procedures b. A blueprint of how these components are integrated Any changes to these causes scope creep, which is when the time frame and expenses associated with the project expand beyond the agreed upon limits 4. Programming and testing: if the organization decides to construct the software in house 5. Implementation: process of converting from an old computer system to a new one. The conversion process involves organizational change. Both end users and the MIS department need to work together to manage organization change. A direct conversion is when the old system is cut off and the new system is turned on at a certain point in time. A pilot conversion introduces the new system in one part of the organization, such as in one plant or one functional area. A phased conversion introduces components of the new system in stages. A parallel conversion is when the old and new system operate simultaneously for a time. 6. Operation and maintenance: includes debugging the program, updating the system, and adding new functions Alternative methods and tools for systems development Joint application Design: a group based tool for collecting user requirements and creating system designs. It is most often used within the systems analysis and systems design stages of the SDLC. Rapid application development: a system development method that can combine JAD, prototyping, and integrated computer assisted software engineering tools to rapidly produce a high quality system Agile Development: a software development methodology that delivers functionality in rapid iterations which are usually measured in weeks. Scrum approach is that during a project, users can change their minds about what they need and want. Therefore, scrum focuses on maximizing the development teams ability to deliver iterations quickly anf to respond effectively to additional user requirements. The primary predefined roles of scrum include: The scrum master: maintains the processes The product owner: represents the business users and any other stakeholder in the project The team: a cross functional group of seven people who perform the actual analysis, design, coding, implementation, and testing. End-user development: approach in which the organizations end users develop their own applications with little or no formal assistance from the IT department. Sometimes called Shadow IT DevOps is a practice that was first presented in 2009, where it is a form of software development that brings the developers and the users together throughout the entire process with the goal of reducing the time to deployment Tools for systems development Prototyping: defines an initial list of user requirements, builds a model of the system, and then defines the system in several iterations based on users feedback Integrated computer assisted software engineering tools: computer aided software engineering (CASE) refers to a group of tools that automate many of the tasks in the SDLC. Component based development: uses standard components to build applications. Components are reusable applications that generally have one specific function. Object oriented development: based on a different view of computer systems that the perception that characterizes traditional development approaches Containers are a method of developing applications that run independently of the based operating system of the server. Containers allow application providers to develop,test, and deploy technology that will always run in practice. Low code development platform: make use of visual interfaces to develop applications rather than traditional procedural hand coding. Advantages and disadvantages of system acquisition methods Systems analysts are IS professionals who specialize in analyzing and designing information systems Programmers are IS professionals who either modify existing computer programs or write new programs to satisfy user requirements Technical specialists are experts on a certain type of technology, such as databases or telecommunications The system's stakeholders include everyone who is affected by changes in a company’s information systems. Chapter 8: WIreless, Mobile Computing, and mobile commerce Wireless is any telecommunication in which electromagnetic waves, rather than some form of wire or cable, carry the signal between communication devices Mobile refers to something that changes it location over time Mobile computing refers to real time wireless connection between a mobile device and other computing environments Wireless transmission Media 1. Microwave transmission systems transmit data through electromagnetic waves. Used for highvolume, long-distance, line-of-sight communication. Causes problems because earth is round. 2. Satellite systems make use of communication satellites orbiting earth (there are three types of satellites circling 1. Geostationary earth orbit, medium earth orbit, low earth orbit) a. Geostationary earth orbit satellites orbit 35,900 km above the equator. They maintain a fixed preposition because they match the 24hour rotation around earth. However, quarter second delay in signal send and return, causing a propagation delay. TV signals b. Medium earth orbit satellites are located 103500 above earth's surface, they are less expensive and do not have an appreciable propagation delay. GPS c. Low earth orbit satellites : located between 600-1125 km above earth's surface. Footprints are lower because they are lower down. Telephone i. Global positioning systems is a wireless system that uses satellites to enable users to determine their position anywhere on earth ii. Internet over satellite: IoS is the only option available for internet connections because installing cables is either too expensive or physically impossible. iii. Commercial imaging: uses very small satellites 3. Radio . Radio transmission: uses radio wave frequencies to send data directly between transmitters and receivers. It can travel through normal office walls, and radio devices are fairly inexpensive and easy to install. It creates electrical interference problems. a. Google loon: uses balloons to create an aerial wireless network to provide internet access to rural and remote areas. b. Internet blimps: tethered blimps that float at about 260m altitude. Works as a regular cell tower but has a much larger footprint. (10000 squared km meters) Wireless Security Transmission can be intercepted by anyone close enough and has access to the appropriate equipment. Four major threats 1. Rogue access point is an unauthorized access point into a wireless network 2. Evil twin attack is when the attacker is in the vicinity with a WiFi enabled computer and a seperate connection to the internet 3. War driving is the act of locating WLANS while driving around a city. The intruder will gain free wifi and access to important data and other resources 4. Eavesdropping refers to efforts by unauthorized users to access data that are travelling over wireless networks 5. Radio frequency jamming is a person or device intentionally or unintentionally interferes with your wireless network transmission Short range wireless networks Simplify the task of connecting one device to another. Eliminate wires, and have a range of 30m. Three basic networks 1. Bluetooth: an industry specification used to create small personal area networks, which is a computer network used for communication among computer devices. Bluetooth smart is fueling the wearable technology because it is less expensive and consumes less power 2. Ultra wideband is a high bandwidth wireless technology with transmission speeds in excess of 100mbps 3. Near field communication: has the smallest range of any short range wireless network, which is designed to be embedded in mobile devices such as cell phones and credit cards. Medium range wireless networks The familiar wireless local area networks (WLANS). Most coming is wireless fidelity (Wi-Fi) A WLAN connects to a wired Lan or to a satellite dish that provides internet connections. 1. Wifi direct: enables peer to peer communications, so devices can connect directly 2. Mifi: a small portable wireless device that provides users with a permanent wifi hotspot wherever they go. Thus, users are always connected to the internet. 3. Lifi: light fidelity is a technology for wireless communication among device using light to transmit data and position Wide Area Wireless Networks It connects users to the internet over a geographically dispersed territory . These networks typically operate over the licensed spectrum. Cellular radio provides two way radio communications over a cellular network of base stations with seamless handoffs. Different from cordless telephones 1. 2. 3. 4. First generation: cellular networks used analogue signals and had low bandwidth capacity 2G uses digital signals primary for voice communication 2.5G used digital signals and provided voice and data communications 3G uses data signals and can transmit voice and data for different motions. And allows videos, web browsing, and instant messages 5. 4th generation 4G: not defined technology or standard, higher speeds, a. LTE (long term evolution) is a wireless broadband technology designed to support roaming internet access through smartphones. 10x faster then 3g b. XLTE : advanced LTE, is designed to hanle network congestion when too many people in one area try to access an LTE network 6. Fifth generation (5G) is expected to be deployed by 2021. Mobile Computing and Commerce Telemetry applications: refers to wireless transmission and receipt of data gathered from remote sensors The internet of things (IoT) is a system in which any object, natural or manmade, has a unique identity and is able to send and receive information over a network without human interaction. Radio Frequency Identification: allows manufacturers to attach tages with antennas and computer chips on goods and then track their movement using radio signals. Typical code is UPC codes. Active DFIS tags use internal batteries for power and broadcast radio waves to a reader Passive RFID tags rely entirely on readers for their power