Final Exam Study Guide MIS 2101 – Spring 2014 Chap 6: Business Intelligence Business Intelligence (BI) is the use of information systems to gather and analyze information from internal and external sources in order to make better business decisions. BI is used to integrate data from disconnected, non-integrated sources: -Reports -Databases -Spreadsheets Integrated data helps to monitor and fine-tune business processes. BI can help businesses react better to various threats and opportunities, including: -Unstable markets -Global threats -Fierce competition -Short product life cycles -Stringent regulations - Providing wider choices for consumers Involves Continuous Planning at all levels of the business. Databases: Data and knowledge are among the most important assets for an organization. Databases are collections of related data organized in a way that facilitates data searches, mining, storage, & organization. Main Database Elements (Components): Entity—something you collect data about, such as people or classes. Table—contains entities. Consists of rows an columns. Row (record)—a record in a table. One row pertains to one entity instance. Column (attribute)—one cell in a row. Each attribute contains a piece of information about the entity. Pro’s to using Databases: Program–data independence Reduced data redundancy Improved data consistency Improved data sharing & access Increased productivity of application development Enforcement of higher standards all areas of the business Increased security Improved data quality Con’s to using Databases: Requirement for new, specialized personnel Installation and management cost and complexity Conversion costs Need for good backup and recovery policies Organizational conflict Methods/Tools for Managing Database Strategy: Data model—a map or diagram that represents entities and their relationships (e.g., entityrelationship diagram). Data type—each attribute has a specified data type (e.g., text, numbers, or dates). Normalization—a process to make sure the database will operate efficiently. Helps to eliminate data duplication. Data dictionary (metadata repository)—a document explaining information for each attribute (e.g., name, whether it is a key, data type, and valid values). Business rules—prevent illegal or illogical entries from entering the database Most common ways to query a database: Query—a command for retrieving specified information from a database. Structured Query Language (SQL)—the most common language for querying databases. Query by example (QBE)—a simpler query interface using graphical drag-and-drop features; newer and easier way to query databases; no programming skills needed. OLTP: Online Transaction Processing: IT systems used to process customer transactions: e.g. orders, deliveries, invoicing, payments, etc. Data from operational systems are useful inputs to BI & analytical applications. Operational (OLTP) vs. Informational (OLAP) IT systems: one keeps the processes running, the other uses that data to make better decisions, analysis, Bus Intelligence Master Data: Master data is the data that is deemed most important in the operation of a business. It includes data about customers, suppliers, inventory, employees, and so on. Important to have a “single version of the truth” BI applications base analyses on the single version of the truth by accessing multiple databases or using a data warehouse. Data Warehouses: Helps eliminate data inaccuracies, redundancy by integrating multiple databases into a single system (repository). Primary purpose: put key business information into the hands of decision makers. ETL (Extraction, Transformation, & Loading): Process of consolidating data from operational systems into a data warehouse. Components of BI (Business Intelligence) Systems - (three primary types of BI systems): Information and Knowledge Discovery Business Analytics Information Visualization Business Analytics: BI applications to support human and automated decision making Business Analytics—predict future outcomes Decision Support Systems (DSS)—support human unstructured decision making - Decision-making support for recurring problems - Used mostly by managerial level employees (can be used at any level) - Interactive decision aid - What-if analyses Intelligent systems (simulation of human reasoning & intelligence) - Expert Systems - Neural Networks - Agents (Bots) - Knowledge Management Systems Enhancing organizational collaboration Knowledge Management Systems: - Data>Information>Knowledge – managing your most important assets - Capturing the skills, routines, practices, principles, formulas, methods, heuristics, and intuitions that make your business unique & competitive - Used to improve efficiency, effectiveness, and profitability - Documents storing both facts and procedures Information Visualization: Display of complex data relationships using graphical methods to make it easier to understand complex problems and information. - Enables managers to quickly grasp results of analyses - Visual analytics - Dashboards - Geographic information systems Hard vs. Soft Data In Business: Hard data - Facts and numbers - Generated by organizational databases and other systems - Soft data - Nonanalytical information. e.g. latest news stories - Web-based news portals - Customizable, delivery to different media Visual Analytics (Complex Dashboards): Interpreting complex output from BI systems is challenging. Visual analytics combines various analysis techniques and interactive visualization. It’s a combination of: - Human intelligence and reasoning capabilities - Technology’s retrieval and analysis capabilities - Helps to make sense of “noisy” data or unexpected patterns Chapter 7: Enhancing Business Processes with ERP Core Business Processes: Marketing and sales Supply chain management Accounting and finance Human resources (No longer individual area silos, but are now highly interrelated. Processes cross all department boundaries.) Order-to-Cash Process: The processes associated with selling a product or service. Procure-to-Pay Process: The processes associated with procuring goods from external vendors. Make-to-Stock / Make-to-Order Process: The processes associated with producing & manufacturing goods. Make to Stock best for “push” demand (having stuff on the shelf); make to order best for “pull”demand (making stuff after receiving the order). Supply Chain: Core business processes enable the creation of supply chains; resembles a “river” of material Start at source Move downstream Value Chain: Chain—The set of business activities that add value to the end product. Information flows through a set of business activities. Core activities—functional areas that process inputs and produce outputs. (inbound logistics, Operations & Manufacturing, Outbound Logistics, Sales & Marketing, Customer Service) Support activities—enable core activities to take place. (Administration, Infrastructure, HR, R&D, Procurement) The rise of ERP Systems the result of the inefficiencies, inaccuracies, and lack of integration of ‘Standalone” IT systems. Problems with Stand-Alone Systems: Stand-alone applications Not designed to communicate with other system Variety of computing hardware platforms Enable departments to conduct daily business activities Not helpful for other areas in the firm Proprietary systems From vendors Not designed to share with other vendors’ systems Lack of integration Legacy Systems: the current systems in place, often un-integrated. Infrastructure specific Inefficient processes Potential for inaccuracies Too many “rocks in the river” Enterprise Systems: Integrated suite of business applications for virtually every department, process, and industry. - Internally Focused Systems: Support functional areas, business processes, and decision making within an organization New information (value) is added at every step. - Externally Focused Systems: Coordinate business activities with customers, suppliers, business partners, and others who operate outside the organization Streamline the flow of information between companies Characteristics of ERP Systems (e.g. SAP): - Centralized point of access (database) - Conversion of information from legacy systems needed ERP vendors offer a primary platform (enterprise resource planning), and then different modules customers can pick; modules that can be selectively implemented. These include: CRM (customer relationship management) SCM (supply chain management) Product lifecycle management Supplier relationship management Primary approaches to developing an ERB for a business: Packaged software o Written by third-party vendors o Used by many different organizations o Useful for standardized, repetitive tasks o Cost effective Custom software o Developed exclusively for a specific organization o Designed for particular business needs o Higher development costs Primary ERP Benefit – Best Practice: forces all functional areas to work to same best practice. Not always the right solution for every business; e.g. If a company has competitive advantage from its unique business processes, forcing best practices may actually hurt. Business Process Management (BPM): A systematic and structured approach to making process improvements in a business. All or part of organization is involved. Rethinking and redesign of business processes Things to remember to ensure a successful BPM project: Support by senior management Shared vision by all organizational members Realistic expectations Participants empowered to make changes The right people participating Sound management practices Appropriate funding Formula for Success with ERP Systems: Secure executive sponsorship . o Most failures are due to lack of top-level management support. Get help from outside experts. o Consultants are specifically trained. o Implementation tends to happen faster. Thoroughly train users. o Training is the most overlooked, underestimated, and poorly budgeted expense. o Training can prevent dissatisfaction. Take a multidisciplinary approach to implementations. o Include end users from all functional areas in the implementation. Service Oriented Architecture (SOA): Business processes are broken down into services. Services are designed to achieve desired results for service consumer. SOA approach enables businesses to react more swiftly to changing needs. SOA: Multiple ERP applications can access multiple services. Chapter 8: Improving Supply Chains & Customer Relationship Management Supply Chain is also called a Supply Network. A supply chain is a collection of companies and processes moving a product: o suppliers of raw materials o suppliers of intermediate components o final production o to the customer Upstream—flow from sources of raw materials and components. Downstream—flow to customers. Suppliers have their own supply chain. Pro’s & Con’s with Supply Chains: Potential benefits: - Process innovations - Just-In-time Production (JIT) - Vendor-Managed Inventory (VMI) Potential problems - Distorted information - Excessive inventories - Inaccurate capacity plans - Missed product schedules The Bullwhip Effect: Ripple effects in which forecast errors and safety stocks multiply when moving up the supply chain. - Happens when businesses include safety buffer to prevent stock-outs - Small end-product demand fluctuations cause large fluctuations further up the supply chain. - Small forecasting errors at end of supply chain cause large errors further up the supply chain. - Integrated business processes with ERP systems’ helps mitigate the bullwhip effect. Other benefits of good ERP systems: Enhances Corporate Responsibility through increased transparency and accountability in your supply chain. Sustainable Business Practices: o Ethical treatment of workers o Green image Supply Chain Planning - 4 Types of Plans: Demand planning and forecasting o Examination of historic data Distribution planning o Delivering products to consumers o Warehousing, delivering, invoicing, and payment collection Production scheduling o Coordination of activities needed to create the product/service o Optimization of the use of materials, equipment, and labor Inventory and safety stock planning o Development of inventory estimates Supply chain visibility—the ability to track products as they move through the supply chain but also to foresee external events. Supply chain analytics—the use of key performance indicators to monitor performance of the entire supply chain, including sourcing, planning, production, and distribution. SCM Strategy: Needs to balance efficiency & effectiveness. Efficiency—cost minimization. Effectiveness—customer service maximization. Tradeoffs—Supply chain strategy should match overall competitive strategy. Emerging SCM Trends: Supplier portals Customer portals Business-to-business (B2B) marketplaces Key enabling SCM technologies: RFID (Radio Frequency Identification) o RFID will soon replace barcode scanners – success dependent on Walmart initiative XML (Extensible Markup Language) CRM (Customer Relationship Management) - Organizations must work harder than ever to attract and retain customers where comparison shopping is the norm and competitors are just a click away! The Web has changed everything about business! Customers have the power. Economic transformation is taking place; i.e., from transactions to relationships. Keeping customers satisfied is key. CRM Organization-wide strategy Concentrates on the downstream information flow Attract potential customers Create customer loyalty Portray a positive corporate image Managers need to be able to monitor and analyze factors driving customer satisfaction. CRM helps companies search for ways to widen, lengthen, and deepen customer relationships. Widen – Attract new customers Lengthen – Keep current customers satisfied Deepen – Turn small customers into long-term, profitable customers Primary Categories of CRM: Operational CRM o Sales Force Automation o Customer Service & Support o Enterprise Marketing Management Analytical CRM o Data Warehouses o Data Mining & Visualiztion o Business Intelligence (BI) o ERP Systems Collaborative CRM o Methods & technologies to facilitate & improve communications. CRM & Digital Dashboards: Digital dashboards help to visualize key CRM performance metrics. Ethical concerns with CRM: Personalization technology can sometimes get too personal Growing customer concern about companies knowing too much about them But CRM continues to grow as a powerful technology to improve business relationships with their customers Chapter 9: Developing & Acquiring Information Systems: Justifying Investment in IT requires a Good Business Case. Build a strong, integrated set of arguments and evidence. Prove that an information system adds value to the organization or its constituents. Ferret out systems that are not adding value. Proposed system –determine whether the new system is a “go” or a “no-go”. Existing system—determine whether the company will continue to fund the system. Problem: The Productivity Paradox. It can be difficult to measure the actual impact of IT investment. (Note: understand these factors.) Measurement problems (efficiency vs. effectiveness) Time lags (can be significant time between cost outlay and impact on bottom line) Redistribution (just transferring costs & bottle necks to another department instead of eliminating the problems) Mismanagement (NO cure for bad management) Strategies for Making a Good Business Case for IT Investment: Faith - Arguments are based on beliefs about organizational strategy, competitive advantage, industry forces, customer perceptions, market share, and so on - Firm’s mission and objectives, strategy for achieving them, and types of IS needed should be clearly described Fear - Arguments are based on the notion that if the system is not implemented, the firm will lose out to the competition or, worse, go out of business. Fact - Arguments are based on data, quantitative analysis, and/or indisputable factors. - Provide a detailed cost-benefit analysis as proof. Cost-Benefit Analysis: Identifying costs - Total cost of ownership (TCO) - Nonrecurring costs vs. recurring costs - Tangible costs vs. intangible costs Identifying benefits - Tangible benefits vs. intangible benefits Performing cost-benefit analysis - Breakeven analysis - Net-present value analysis Comparing competing investments - Weighted multicriteria analysis Presenting the Business Case Effectively: Know the audience. - People from different areas of the firm typically hold very different perspectives. Convert benefits to monetary terms. - Example: Convert time savings into dollar figures. Devise proxy variables. - Alternative measures of outcomes - Example: Reduction in administrative tasks, more customer contact Measure what is important to management!! - Concentrate on the issues senior business managers care about. - Hot-button issues: Cycle time, regulatory and compliance issues, customer feedback, employee morale Options For Developing IT Systems: Customized Vs. Off-the-Shelf Software: General purpose systems typically are purchased off-the-shelf. Specific, custome needs often cannot be met by off-the shelf software. Companies capitalizing on a first-mover advantage often cannot purchase existing systems. Customized Software: Developed in-house or contracted/outsourced to a specialized vendor Advantages of customized software - Customizability - Fit with business operations, culture, and so on - Company only pays for features actually needed. - But Expensive! Off-the-Shelf Software: Packaged software that is already tested & used by many organizations Supports common business processes that do not require any specific tailoring Advantages: - Less costly - Easy to procure - Require no specific tailoring Most organizations combine both custom and Off the shelf software to build systems in the most costeffective way. IT Development In Action: Take a very big organizational problem and make it more manageable by breaking it down into a number of smaller problems/pieces. SDLC (System Development Life Cycle): Systems Development follows a definite life cycle. Phase 1: Systems Planning and Selection - Identify, plan, and select a development. Phase 2: Systems Analysis - Collecting Systems Requirements - Modeling Data - Modeling Processes and Logic Phase 3: System Design - Human–computer interface - Databases and files - Processing and logic Phase 4: System Implementation and Operation Transformation of design into a working information system - software programming and testing Preparing the organization for using the new information system - system conversion, documentation, user training, and support System Conversion – Implementation Strategies: Parallel – old & new systems are operated at the same time until safe (most conservative strategy when it is truly mission critical) Direct – old system is shut down one day & new system is up the next day (quickest & most cost effective strategy; good for non-critical systems) Phased – parts of the new system are implemented in pieces over time (reasonably conservative approach with critical systems) Pilot – Try entire new system with one location or department to de-bugg system before it is rolled out to the rest of the organization Important to spend time & money to Document everything about the new system: Training How system works System specifications Support Technical & User Information System Maintenance: One of the most overlooked but critical part of any IT System Implementation Often the most important part of any implementation plan occurs at this point Prototyping & End User Development: SDLC is not always the best approach to developing new systems; need the ability to experiment & try new ideas quickly & cost-effectively - Agile Methodologies - Extreme Programming - Rapid Application Development (RAD) - Object-oriented analysis and design Potential Problems with Building IT Systems In-House: Situation 1: Limited IS staff - Staff may be too small. - Staff may be occupied in other ways. - Staff is not capable of developing the system without additional hiring. Situation 2: IS staff has limited skill set - Many organizations have outside groups manage their Web sites. - Take advantage of specialized skills (by going outside) Situation 3: IS staff is overworked. - Staff does not have time to work on all the required systems. Situation 4: Problems with performance of IS staff - Derailed IT departments - Staff turnover - Changing requirements - Shifts in technology - Budget constraints Major Strategy in IT Development – External Acquisition: Competitive bid process—find the best system for lowest possible price. - Systems planning and selection - Systems analysis - Development of a request for proposal - Proposal evaluation - Vendor selection The first two steps are similar to SDLC. External Acquisition Process: Create RFP—documentation detailing system requirements sent to prospective vendors Establish an objective way to evaluate proposals based on clear metrics Vendor Selection – Determine the best vendor fit for your organization Managing Software Licensing: (Understanding Legal Obligations of Using Software Is Critical To Your Implementation Success!) Other IT Development Options: ASP (Application Service Providers “The Cloud”) Problems that challenge organizations: - Managing the software infrastructure is a complex task. - High operating costs - Scalability issues ASPs provide software as a service (SaaS) - Reduced need to maintain or upgrade software - Variable fee based on actual use of services - Ability to rely on a provider’s expertise Chapter 10: Securing IT Systems Primary Threats to IT Security: Natural disasters - Power outages, hurricanes, floods, and so on Accidents - Power outages, cats walking across keyboards Employees and consultants Links to outside business contacts Travel between business affiliates Outsiders: (attacks on your systems) - e.g. Viruses Definition of Computer crime—The act of using a computer to commit an illegal act. - Targeting a computer while committing an offense. - Using a computer to commit an offense. - Using computers to support a criminal activity. More Definitions: Hackers – Often the motivation is curiosity, not crime. Crackers—those who break into computer systems with the intention of doing damage or committing a crime; the real criminals. Hacktivists—Those who attempt to break into systems or deface Web sites to promote political or ideological goals Four ‘types’ of computer criminals: Current or former employees - 85–95% of theft from businesses comes from the inside People with technical knowledge committing crimes for personal gain Career criminals using computers to assist them in crimes Outside crackers hoping to find information of value “Malware” – a term used to describe “malicious software” such as viruses, worms, and Trojan Horses. Virus - a destructive program that disrupts the normal functioning of computer software. Worm – a variation of a virus that is targeted at networks, taking advantage of security holes Trojan Horse - Does not replicate, but causes damage. Codes are hidden, waiting for a trigger. Logic bombs or time bombs: (Variations of Trojan horses) - Time bombs are set off by specific dates; logic bombs are set off by certain types of operations. Denial of Service Attack: Major type of attack on businesses today Attackers prevent legitimate users from accessing services: - Zombie computers - Created by viruses or worms Attack Web sites Servers crash under overwhelming load by machine created ‘demand’ Other Types of ‘Malware: Spyware Adware Spam (Electronic Junk Mail) Phishing (Spoofing): Attempts to trick users into giving away credit card numbers Phony messages Duplicates of legitimate Web sites Identity Theft: Fastest Growing “Information Crime”: Stealing another person’s: - Credit card number - Social Security number - Other personal information Results in bad credit for victim Cybersquatting: The practice of registering a domain name and later reselling it. Cyber Harassment, Stalking, and Bullying: Crime that broadly refers to the use of a computer to communicate obscene, vulgar, or threatening content. Examples: - Making false accusations that damage reputation of another - Gaining information on a victim by monitoring online activities - Using the Internet to encourage others to harass a victim - Attacking data and equipment of a victim by sending e-mail viruses or other destructive code - Using the Internet to place false orders for goods or services Software Piracy: A HUGE global problem Intellectual property: - Patents: process or machine inventions - Copyrights: creations of the mind Illegal activities - Making copies of purchased software for others - Offering stolen proprietary software Factors influencing digital piracy around the world: - Concept of intellectual property differs between countries - Economic reasons for piracy - Lack of public awareness about the issue Cyberwarfare: A Military’s attempt to disrupt or destroy another country’s information and communication systems. Systems at risk: - Command and control systems - Intelligence collection and distribution systems - Information processing and distribution systems - Tactical communication systems and methods - Troop and weapon positioning systems - Friend-or-foe identification systems - Smart weapons systems Propaganda - Web vandalism - Cyber propaganda Cyberterrorism: Governments are not involved; hard to pinpoint. Attacks can be launched from anywhere in the world. Goal is to cause fear, panic, and destruction. Cyberterrorism will likely become weapon of choice. We are vulnerable, because of our increasing dependence on technology (double-edged sword) Information Systems Security: We are under attack from all sides: Internal threats External threats Methods for managing the risk of IT Systems: Conduct Information systems audits!! IT System Audit Process: Risk analysis - Process of assessing the value of protected assets - Cost of loss vs. cost of protection Risk reduction - Measures taken to protect the system - Risk acceptance - Measures taken to absorb the damages - Risk transfer - Transferring the absorption of risk to a third party (insurance) Technological Safeguards: Physical access restrictions Firewalls Encryption Virus Monitoring and prevention Audit-control software Dedicated facilities Human Safeguards: Federal & State Laws Effective management of employees (e.g. training, on-going management) Reinforce Ethical Behavior Effective IT Controls in Organizations: Utilize effective technologies & applications Effective supervision & management practices Organizational Policies & Procedures Physical access restrictions Firewalls Encryption Virus Monitoring and prevention Audit-control software Dedicated facilities