Anda di halaman 1dari 263

Management of

Information Systems
 Introduction to MIS, IS/IT strategy
 Strategic IS/IT planning
 MIS applications and SDLC
 Alternatives to SDLC
 Operations Management
 Controls & IS’s
 Measuring IT investment and their returns
Reference Books:
 Management of Information
 Carroll W. Frenzel & John C. Frenzel

 Management Information Systems

 Laudon & Laudon
Assessment %
Presentation 10
Pre-Course Assignment 20
Main Assignment 20
End-of Term Exam 50
Introduction to MIS, IS/IT
 Management of Information
Technology - chapter 1,2,3
 Carroll W. Frenzel

 Management Information Systems –

chapter 1,2
 Laudon & Laudon
Information System (IS)
 Aggregation of components that work
together to process data and produce

 IS can be defined technically as a set of

interrelated components that collect (retrieve),
process, store & distribute information to
support decision making & control in an

Why do we need
Information Systems?
Transformation of industrial
Transformation of the environment
Success of organizations depends on
their ability to operate globally.
24/7 global service requirements
Global Competition
Global delivery systems
Transformation of Industrial
Information has become a basic resource
in today’s society – information society

Some services would not exists or would

be too expensive without information.
Transformation of the Enterprise
The traditional hierarchical, centralized
Employees are specialists
Operates based on standard rules
Mass produces a standardized product
Can operate without IT
 The new flattened, decentralized
 Employees are generalists
 Operates on access to real time
 Produces mass customized products or
 Relies on IT
Information Systems

Informal Formal

Computer Based Manual

(Pens paper)
Types of Information
Type of Information Groups
System Served
Level Senior Managers

Management Middle
Level Managers
Knowledge &
Knowledge Data Workers

Operational Operational
Level Managers

Sales & Manufacturing Accounting HR

 Mangers at different levels of an
organization make different kinds of
 Kind of information necessary to
support their decisions are also different
 Therefore, different types of
information systems have to be
designed to meet the various needs
Types of IS
 ESS - Strategic level
 MIS - Management level
 KWS - Knowledge level
 TPS - Operational level
Transaction Processing
System (TPS)
 Found at the operational level of an

 Supports operational Managers &

operations personnel.

 It is a computerized system that records the

daily routine transactions necessary to
conduct business.
 Main purpose: To answer routine questions
(What happened to Mr. XXX’s payment?) and
to track the flow of transactions through the

 Information must be easily available, current

and accurate.

 Usually has high volumes of inputs and

 Examples: Hotel reservation systems,
order entry systems, banking systems,
airline reservation systems etc.
Main Features :
TPS spans the boundary between the
organization and the environment.
TPS produce information for the other
types of systems.
 A failure in the TPS often means
disaster for the organization
 Imagine what will happen if:
 A reservation system at an airline
 When a bank’s TPS crashes.
Knowledge Work Systems
 Supports skilled knowledge workers in
creating and integrating new knowledge.

 Examples:

 CAD systems used by product designers,

simulation systems, financial systems etc.
 Knowledge Workers are people who
create, use and distribute information
such as executives, accountants,
engineers, lawyers etc.
Office Automation Systems
 Supports general office work for handling and
managing documents and facilitating

 Used mainly by data workers (clerical staff) to

produce professional documents and to control
the flow of paper work in an organization.
 Examples:
 Word processors, Spreadsheet
packages, presentation packages,
note taking packages (notepads,
appointment books) etc.
 Communication systems for
transmitting messages such as E-mail
and teleconferencing systems etc.
Management Information
Systems (MIS)
 Serves the management level of an

 MIS extracts, process and summarizes data

from the TPS and provides periodic
(weekly, monthly, quarterly) reports to
managers for monitoring, controlling,
decision making and administrative
activities of the organization.
 Features of an MIS:
 Contains only company internal data
 Uses simple routines (summaries and
comparisons )
 Relies on existing past & present data
 Examples:
 Sales management systems,
inventory control systems, annual
budgeting systems etc.
Decision Support Systems
 Helps managers make decisions
 Have more analytical power than other
systems. These systems use sophisticated
analysis and modelling tools such as what-if
analysis, Goal-seeking /optimization
 Offers users flexibility, adaptability and
quick response.
 Use internal information from TPS and MIS
but often brings in information from
external sources (eg: Stock prices or prices
of competitors)

 Example: Production scheduling systems,

Pricing analysis systems etc
Executive Support Systems
 Helps senior managers address strategic
issues and long term trends, in the
organization and the external environment.
Help answer questions like:
 What are the long term industry trends?
 What products should we be selling in five

 Main purpose: match changes in the external

environment with existing organizational
 These systems are designed to incorporate
data about external events.

 Draws summarizing information from MIS &


 User friendly, but very expensive to

Concepts of Information
Critical Success Factors
 Critical Success Factors are those few areas in
which results, if they are satisfactory, will
ensure successful competitive performance for
the organization.

 CFS identifies the areas where things MUST

go right - the necessary conditions for
 Examples:
 The executives of a department store
would probably consider factors such as
its sales promotion efforts to be critical
to its survival and success
 Automotive Industry- Styling, Energy
 Hospital- Cost control, healthcare
 The CSF method is applied in the form of
interviews usually conducted in two or three
1. Goals of the managers are discussed and
recorded. CSF’s that affects these goals are
brought forward.
2. Information needed about these CSFs and
how and where to obtain these information
are established.
Technology’s Strategic
Strategic Information Systems
• A SIS is an information system which
supports an organization in fulfilling it’s
business goals.

• Information systems whose unique

function or specific application shapes
the organization’s competitive strategy
and provides competitive advantage
for the company.
• Systems that fundamentally change the
organization itself.

• It is not an ESS……

– SIS can be at any level

– SIS achieves competitive advantage

– SIS cannot be outsourced

• Examples: American airlines reservation

system, Stock Brokerage System of Merrill
External Environment
• Refers to the forces and institutions
outside the organization that can
affect the firm’s performance.

• External environment is made up of:

– General environment
– Task environment
General Environment
• Includes everything outside the
organization such as:
– Political environment.
– Economic forces.
– Socio- cultural influences.
– Technological factors.
Task Environment
• The layer of external environment that
directly influences the organization’s
operations and performance.

• This includes sectors that have a direct

working relationship with the
organization. Eg: suppliers, customers
Porter’s Model
• The model helps to understand the
basic forces affecting an
organization in a competitive
• These forces include:
– Threat of Potential new entrants into its
– Companies offering substitute products
and services
– Firm’s Suppliers
– Firm’s customers (buyers)
– Firm’s competitors
Threat of new entrants

• If an industry is very profitable, then the

expectation is that new firms may attempt to
enter into the industry

• Threat of new entry is largely determined by

the presence of barriers to entry and exit.

• Barriers of entry are obstacles which prevent

the entry of firms into an industry.
• There are several sources of barriers
to entry:
– Economies of scale
• As a firm grows in size, or as the scale of
production increases, certain economies
occur which serve to reduce the average
cost of production.

– Initial capital requirements

– Legislation/govt regulations
– Advertising and branding etc…
• Barriers to exit refer to the cost of
leaving an industry. The cost of exit
depends upon how industry-specific the
assets of the firm are.
Competition from substitutes
Competition from substitutes depend on:
• Relative price performance of substitutes
• Switching costs
• Brand loyalty of customers for the
Bargaining Power of Suppliers
• Suppliers can exert bargaining powers on
buyers by raising prices or reducing quality.
• A supplier group is powerful if:
– Industry is dominated by a few companies
– Product is unique or if it has built up
switching costs
– The industry is not an important customer
of the supplier group.
– If the brand of the supplier is powerful.
Bargaining powers of the buyers
• A buyer group is powerful if:
– Purchases in large volumes.
– Standard products where the buyers can
find alternatives
– The industry’s product is unimportant to
the quality of the buyer’s product or
– Buyers pose a threat to making the
industry’s product.
Rivalry between Established Firms
• Numerous equally balanced competitors
create intense rivalry.
– This can be due to lack of differentiation or
switching costs etc.
• Use tactics like:
– Price competition
Sometimes competition can be so fierce between
firms that prices are driven below costs
– Product introduction
– Advertising
• The model shows that competitors must take
strategic actions to:
• Diminish customer or supplier power
• Lower the possibility of substitute
products entering the market
• Discourage new entrants
• Gain competitive edge within the
existing industry
Competitive Strategies
Strategic Thrusts (Wiseman)
• Strategic thrusts are major
competitive moves made by a firm.
These thrusts are:
– Product differentiation
– Cost
– Innovation
– Growth
– Alliance
– Time –added by Frenzel
Product Differentiation
• Create unique new products & services
that can easily be distinguished from those
of the competitors
– Examples:
• Volvo  better safely features
• Whirlpool  dishwashers that run
quietly …
Or….Perceive products as different from
and better than those of competitors
Differentiation variables….
• Product –
– Design, style, features, performance,
repairability etc
• Service –
– Ordering ease, delivery method,
training, maintenance & repair etc
• Personnel –
– Competency, courtesy, credibility,
reliability, responsiveness etc
• Reduce costs to the firm
• Increase costs to competing firms
• Make a more upscale product at
lower costs than the makers of
other brands with comparable
features and attribute
• Save costs through:
– Economies of scale through
automation, specialization etc.
– Economies of scope through
extension into additional
operations which can share
infrastructure costs.
• Developing new products and
• Two kinds:
– Product innovation
• Creation of new products
• New features in existing products
– Process innovation
• To improve efficiency and effectiveness of
a process.
• Product growth
• Functional growth
– Advantage through expansions,
forward & backward integration
• Geographic growth

– Advantage is attained by reaching

agreements , forming joint
ventures, or making strategic
• Improved Cash Flow
• Innovative Products
• Credibility etc.
• Competitive advantage is secured
by rapid responses to changing
market conditions or by supplying a
more timely flow of products or
Other Considerations…..

• Organization and Environment

• Financial Implications
• Legal Considerations
Developing the Organization's IT
Some definitions
Overriding purpose in line with the
values or expectations of the
Johnson & Scholes

Communicates “Who we are, what we

do, and where we are headed”
Therefore, the key elements of a
mission statement can be identified as:
– Obligations to the stakeholders
– Scope of the business
– Sources of competitive advantage
– View of the future
“We are in the business of developing
competencies in people and
organizations through training and
A broad statement of long-term (typically
a time horizon of one year or more)
accomplishments an organization wishes to
– To increase the market share
Specific commitment to achieving a
measurable result within a specific
period of time , usually a year or less.
An objective should be:
– Specific
– Measurable
– Related to time
– Test 1: does the statement tell what the
intended result is?
– Test 2: does the statement specify when
the intended result is to be accomplished?
– Test 3: can the intended result be
– To achieve an 18% increase in brand
X sales by December 2010.
– To reduce bad-debt loss by Rs
50,000 during the next 6 months.

Mission Increase shareholder's wealth.

Goal Obtain a satisfactory return on
investment (ROI).
Objective A ROI of 16% by the end of year

A collection of statements that express

or propose a means through which an
organization can fulfill its primary
purpose or mission.
A strategy ….

Can be seen as the matching of resources

and activities of an organization to the
A company must either fit its strategy to the
industry environment in which it operates, or
be able to reshape the industry environment
to its advantage through its chosen strategy.
Strategic Management
Process of formulating and implementing
strategies to advance an organization’s
mission and objectives and secure
competitive advantage.

Process by which an organization establishes

its objectives, formulates actions designed
to achieve these objectives in the desired
timescale, implements the actions and
assesses progress and results.
Strategy Development
Examine the mission statement of the

Carry out a comprehensive

environmental analysis.
Assess the findings in terms of opportunities
the organization can exploit and threats it

Analyze the organization’s internal

resources (financial capital, technical
expertise, skilled work force etc) and
thereby identify the Organization’s internal
strengths and weaknesses.
Develop set of Objectives

Formulate the strategies

Assess the performance of the
implemented strategies by examining
and comparing the results with the
original plans.
This will enable an organization to
determine to what level it has achieved
its goals.
Maintenance Process
– Review the environment and reassess
the course of action.
Strategy Document Outline
Examine the nature of business.

Environment surrounding the

business activities.

Goals and objectives the units hope

to achieve.

Strategy ingredients.
Strategy Ingredients

Statement of intended course of action

– Steps should lead to realize objectives
– Be consistent with other interests
– Be preferred over other alternatives
–Major assumptions the strategy
is based on
–Technical capabilities, functional
support, potential competitive
Risks associated with the strategy
– Nature of risks in the strategy
– Potential impact on the strategy

Available options
– What optional course of action can
offer reasonable insurance against
significant risks
Conditions on which the strategy
– What strategies are the key
– Their nature and significance

Statement of required resources

– HW, SW and staff requirements
Financial Projections
– Revenue, cost and capital requirements.

Alternatives Rejected
– Documentation of alternatives with
reasons for their rejection.
Types of Strategies
Business Strategies
A business strategy seeks to determine
how an organization should compete in
each of its businesses.

Strategy is about how to compete

successfully in particular market.
Concerns are therefore about:
• How advantages could be achieved over
• What new opportunities could be
• What products or services should be
developed etc.

These strategies have revenue and profit

Functional Strategies

Functional strategies are directed at

improving the effectiveness of functional
operations within a company such as
manufacturing, marketing, HR, R & D etc

These strategies should support business

Stand-alone Strategies

A specific strategy for dealing with

unique threats/situations (usually
outside the normal planning cycle) or

Capitalize on current opportunities

The Strategic Time Horizon
The time horizon depends upon the
business the organization is in.

It is usually an annual process

– The time periods are usually analyzed
on a rolling basis, with the horizon
constantly moving forward in
increments of the organization’s fiscal
Strategy Maintenance
Business conditions change with effects on
the strategy. Therefore, strategies require
periodic examinations.

Actual developments must be tracked

against assumptions, dependencies and risks.

Periodically or when deviations arise, the

entire strategy should be re-examined and
IT strategy Topics
To address Business Aspects
–IT strategies need to be aligned
with the firm’s goals and
To capitalize on Technical Issues
–Strategy should reveal the
practical utilization of technologies
in support of the organization’s
goals and objectives.
To comply or achieve Financial
–IT strategy must match the firm’s
financial ground rules
–Strategy must acknowledge
resource constraint
To address organizational Concerns
– How does IT strategy affect other
areas and vice versa
– The strategy should demonstrate IT
organization’s contribution to the firm
Personnel Considerations
– To recruit, train and keep good
people both in the department and
across the entire firm
Information Technology
 Planning
is a process by which strategy is
converted to action.
 Good planning is essential to continued
success in a business
Model for IT
Application Considerations
 The application portfolio consists of the complete
set of application programs the firm uses to
conduct its automated business functions.

 The plan should deal with the application portfolio

 Selection of projects to be implemented
 Which application deserves maintenance, revision, or
expansion? Which should be scraped? What new needs
are there? What resources are available to implement
the projects selected?
System Operations

 These are the processes for running the

applications of an organization

 Thisincludes data collection, application

execution & distribution , Storage of
results etc.
 IT managers must plan system operations
to satisfy customers. Therefore, careful
planning must be done to identify their

 Thisis important as the organization

depends on these outputs for a successful
and efficient operation.
 System operations planning should
Servicelevel planning, problem, change and
recovery management, capacity planning
and network planning.
Resource Planning
 ITresource items consists of money,
equipment, people and space.

 Space plans
Requirements of space and other facilities,
A/C, ventilation, electrical power, telecom
equipment etc.
 People plans
Identifies requirements for people according
to skill level and considers their development
and deployment over the planning period.
This addresses hiring, training, re-training
 Financial plans
Summarizes equipment, space, people and
miscellaneous costs.

 Administrative Actions
Plan’s assumptions and ground rules should
be clearly laid out.
Coordinate with units that the plan affects.
Plan review meetings with functional
managers , steering committees to guide
the planning process.
 Technology Planning
Monitor advances in technology
Assess new technologies for the firm
Evaluate benefits and problems of new
Areas such as Programming tools,
Operating systems, Vendor application
S/W, Advances in storage devices,
Telecommunication systems etc should be
Other Approaches to
Nolan's Stages of Growth

 Nolan's theory about stages of growth

can be used to determine which stage the
firm is in and then make plans according
to the movement to the next stage.
Stages of Growth
by Richard Nolan & Cyrus Gibson
Organizational use of Information Technology
tends to follow a predictable pattern over
1. Initiation 4. Integration
2. Contagion 5. Data Administration
3. Control 6. Maturity
Critical Success Factors

 Any plans formulated by the IT

department should cover the overall
critical success factors for the
organization, so that the necessary
conditions for success are met.
Business Systems Planning
 Developed by IBM.

 Main objective: to identify the data that is

essential to run a business. Therefore, it focuses
on data and the processes of an organization.

 Defines an Information Architecture for the

organization. The basic building blocks of the
architecture are Data Classes and Business
Integrated Approach (Sullivan)

Degree of Diffusion

CSF Eclectic
Stage of
Low Growth BSP
Low High
Degree of Infusion
 Sullivan
found two factors correlated with
planning effectiveness:
 Degree to which IT has penetrated the firm (high
impact or low impact on the firms)
 Extent to which IT is disseminated throughout the
firm (concentrated or spread)
 For example, CSF method is suitable if IT has
spread throughout the organization but has a low
The Planning Horizon
 The time over which various plans are
active (time span of the plan)
 Three types of plans:
Strategic plans
Tactical plans
Operational plans
 The plans cover:
Different time periods
Different amounts of detail
Strategic plan
 Represents long term implementation.
 Typically covers a period of two years from
now and goes further into the future (about 5
 The plan should cover actions for achieving the
long-rang goals and objectives, allocate
resources, convert assumptions to realities,
mitigate risks etc.
 Therefore, an organization’s strategic plan is
also a financial statement of projected
revenues, expenses, costs, investments etc.
Tactical Plans (intermediate-range plans)

 Covers from now to about two years into the


 These plans are usually used to measure

manager performance.
Operational Plans
 Short-range, from now to 3 months, based on
prior tactical planning
 Provides direction on a day-to-day/week-to-
week basis
 Plans are detailed, subject to frequent
 Used by first-line, non managerial employees
Planning Time
 Planning schedules for an organization
should be closely related to its fiscal
 The entire process is cyclical and
Managing Application
Reasons for development difficulties
• Those associated with programming.
• Problems related to the firm or its
– Inadequate development tools
– Improperly skilled developers
– Environmental factors
• Schedule pressures, unrealistic expectations, company
policies etc
– Weak management controls
Application Project
Steps in application project management
• Business case development
• Phase review process
• Managing reviews
• Resource allocation and control
• Risk analysis
• Risk reduction actions

• Development managers use these items as a

decision-making framework
Business Case Development
List outs:
• Investment resources and investment returns
– Benefits (tangible and non-tangible)
– Expected costs
In preparing the document:
– State objectives of the project
– Carry out a cost benefit analysis. Use standard
financial analysis methods. (eg: NPV, IRR, PB
methods) for alternative courses of action.
– Calculate ROI
Phase Review Process
• Occurs when each phase in the SDLC ends.
• End result is a decision to continue the
project, continue with modifications or
terminate it. Therefore, managers require
significant amount of critical information to
accurately assess the project’s progress and
make judgments
The phase review must cover
– Project description
– goals, objectives
– Budget and staffing plans
– Plans Vs. actual accomplishments etc
The review is conducted by:
– IT manager or his representative
– Client
– Reps of all functions influencing or affected by
the project
Managing the Review Process
• Document each phase review clearly.
• Documentation should include:
– Project scope, contents, resources,
– Phase review results and conclusions
• Prepare summery reports and
distribute to all concerned parties.
Resource Allocation and Control

• Plans and schedules of allocation of

resources for a project.

• The phase reviews should compare

expected resource consumption to
Risk Analysis
• Managers must search for areas of risk.

• Develop quantifiable measures for risk


• Track risk measures to recognize trends

over the project’s life.
Risk Reduction

• Eliminating all project risks may be

impossible!! ……but…
• Identification of risky areas is important
• Leading indicators alert the managers
when the project is heading for trouble.
Development Alternatives
Development Choices
Build it your self
Buy it
Let some one build it for you -Outsourcing
End user development
In many organizations, end users are
developing systems with little or no
formal assistance from the specialists.
 Business application programs for
 Accounting,marketing, finance
 WP, Spreadsheet , DB design (Access)
 Engineering design packages etc
Improved requirements determination
User involvement and satisfaction
Breaking the barrier between the user and
the programmers
Cannot develop large, complex systems.
Lack of proper quality assurance standards
and controls.
Uncontrolled data.
Proliferation of “private” information
Cannot develop large, complex systems.
Purchased applications
When to purchase ?
 Where functions are common to many
 Where in-house resources are scarce.
Early availability
Well-known functions
Known and verifiable quality
Lower total cost
Availability of maintenance
Periodic updates
Education and training
 Strategic systems cannot be purchased.
 Integration problems.

 Difficult to customize.
Service quality.
Predictability- Reduces uncertainty of costs
Freeing up human resources for other
Freeing up financial capital
Reduce risk of failure

Changes to specifications - costs MONEY
Diffuses company information
When to outsource?
When there are limited opportunities
for the company to distinguish itself
competitively through a particular IS
When the predictability of
uninterrupted IS service is not very
When outsourcing does not strip the
company of the technical know-how
required for further IS innovation.

When the firm’s existing IS capabilities

are limited, ineffective, or technically
Other Alternatives
Partnerships, JVs, alliances etc
Service Bureaus
 Eliminates development, maintenance costs
 Reduces in-house HW requirements
Developing and
Managing Customer
Service Level Agreement (SLA)
It is a contract between a service provider
and the customer that specifies in
measurable terms:
The services provided
Acceptable and unacceptable service levels
Metrics associated with the services
Liabilities on the part of the service provider
and the customer, and
Actions to be taken in specific circumstances.
Purpose of a SLA
Establish acceptable service levels for IT
clients. Thereby gives a clear understanding
of what is expected from and delivered by
IT operations

Reduces conflicts, levels expectations, places

IT services on a more business-like basis and
reduces threats from competitive suppliers or
SLA Contents
Effective date of agreement
Agreements duration
Type of service provided
Service measures
Availability, performance, reliability, response times
Resources needed and/or costs charged
Customer duties and responsibilities
Monitoring and reviewing
Handling of disputes
Reporting mechanism
SLA Service Specification - Example

Type of Service Application Hours of Use

Data entry Inventory Daily
application 6.00am –
Week days 6.00am to 7.00 pm
Saturday Can be scheduled 24hrs in
Sunday advance
Emergency service only
Problem, Change and
Recovery Management
Problem, change and recovery mgt
ensure service level attainment

Purpose is to correct deviations from

the norm and prevent future deviations
Problem Management
 Anincident, event or failure that
negatively impacts the ability to
deliver the services committed in SLA
Problem Management

Process of minimizing the impact of a

problem affecting the service levels

Method for detecting, reporting and

correcting problems affecting the
service-level attainment.
Goals of problem management
 Reduce service defects & incidents
 Reduce defect cost

..and thereby achieve committed service

Problem Sources
 Hardware, Software, Network, Human or
procedural errors, Environmental
Problem Management
Problem Reports

 The purpose is to record the status of

incidents from detection through solution.

 The report should include:

 Time and duration of incident, description,

category, severity code, individuals
responsible for the solution, estimated repair
date, action taken to recover, actual repair
date, final resolution action.
Problem Logs
 Records all problems/incidents and the
actions assigned during some fixed period
( eg: last 12 months).
Problem Determination
 Problem Status Meetings
 The committee clarifies the problem based on
description, category and severity etc.
 Assign priorities, draw up action plans,
decide responsibilities and target dates for
Status reporting
 Resolution status is reported to the
 If satisfactory, the problem report is
 If change is required change management
process is invoked
Problem Management Reports

Summery reports must be prepared

documenting the effectiveness of the
problem management process.

The summery data can be used to reveal

trends that will enable service providers to
set new service levels.
Benefits of using a formal approach

There is a standard way to approach every

problem. This saves time.

The solutions will be permanent.

The number of incidents will reduce.

Improved quality of IT services.

 Learn from the mistakes. This will minimize

failure and reduce the impact of failure.

Obtain a better “first-time fix” rate of

Problem Management Success

Process is designed to solve problems and

not to evaluate people.

Managers must foster a free and open


Participants should take the responsibility of

resolution; not equivalent to accepting
responsibility for causing the incident.
Change Management
Why do we need change
 Changes tend to generate problems
 Change is a way of life for IT …
Change Management
 It
is a disciplined approach to analyzing
and implementing system changes.

 Itis a management technique for

planning, coordinating, handling and
reporting system changes that could
negatively impact service delivery
Goal –
 Tominimize risks associated with system
changes and in turn..

 Maintain highest possible service levels

Change Sources
Hardware changes
OS changes, application software changes
Environmental changes
Procedural changes
Equipment relocation
Problem management-induced changes
Change Management Process
Change Request
 Records details of change actions from initiation
through implementation.
The report records:
 Description of change, risk assessment, testing
procedure, recovery procedure, implementation
plans etc.
Change Analysis
Prioritization and Risk Assessment
Planning for Change
Management Authorization
Change Management Team
Consists of IT Personnel, HW and SW
vendor liaisons, facility manager etc.
Reporting Change Management
Communicate successful change
implementation to all relevant parties
Periodically assess process effectiveness and
trends using log
 Areas requiring change, problem areas,
expectation Vs results, emergency action taken
Change Management benefits

Reduce adverse impact of change on the

quality of the SLA.

Better assessment of cost of proposed


Greater ability to absorb a larger volume

of change.
Recovery Management
Recovery management is the process of
planning to provide services to the
users in the event of a failure or
Recovery management needs to examine all
possible “what-if? ” scenarios.

Classify them by severity and potential

occurrence and come up with plans for
dealing with the various scenarios.
Risk of Loss

High Low

High Recovery Planning

Low Contingency Problem

Management Management
Recovery Plans

Plans that deal with potential situations that

have a high probability of occurrence with
risk of loss varying from low to high.

These plans provide backup resources to

help restore services.
Contingency Plans

Plans that deal with potential situations that

have a high risk but have a low probability
of occurrence.

The plans ensure successful performance of

critical jobs during periods when services
and resources are lost or damaged.
Crucial Applications
 The applications most critical to the firm’s
operation should be identified to enable
prioritization for recovery planning and
 Understand the tradeoffs that may be
necessary to enable recovery to occur.
 Plansshould include all environmental
parameters needed for a successful
operation of every application.

 Environmental factors can include:

 H/W components, software, communication
resources, new data, knowledgeable
personnel etc
Emergency Planning

Emergency planning prepares for natural

and man-made disasters and catastrophic
events and must include the entire firm.

Steps should be taken to limit the damage,

solve problems and resume normal business
In emergency planning, early detection &
containment is important to limit the

Therefore, plans should include procedures

for evacuations, shelter, containment, and
Plans must be clearly and concisely
documented, frequently tested, made
known and trained, the potential

Several strategies may be available

for coping with emergencies and
 Manual procedures
 Back-up systems

 Data services
Manual procedures
 Least efficient and least desirable.
 Suitable for small outages or simple systems

Back-up systems
 Back up systems may be located in-house or at
cooperating firms
Service bureau firms can also be used to
handle processing in emergencies.
When planning….
Personnel strategies
 In-house staff/external staff
 Provisions for notifying key people

Equipment and space planning

Written emergency processes
Emergency personnel roster and
Recovery plan testing
Measuring IT Investments and
Their Returns
 Many firms spend around 2-5% of
revenue on IT every year.

 Most organizations treat IT expenses as

 Accounting for IT resources is complex
 IT resources take different forms (H/W,
S/W, maintenance, labor, N/W
operations etc)

 Many hidden costs (eg: administrative


 Resources are scattered throughout the

 Due to these reasons, IT investments are
restrained due to the incapability of
quantifying the returns.

 Therefore, a sound IT cost accounting system

is critical.
Objectives of Resource Accountability

 Measure progress towards objectives

 Provide basis for financial control
 Communicate important information to
 Measure individual and unit performances
Recovering Costs from
Benefits of IT Cost Recovery

 Helps clarify costs and benefits of IT

 Strengthencommunication between IT
service provider and client.
 Reduceunnecessary expenses and thereby
improve the overall effectiveness.
 Encourages effective resource use.
 Enables IT benchmarking.
 Disadvantages
 Administrative overheads
 Some organizations may not be
intellectually prepared to operate an
effective charge-back system.
 It is an alternative IT accounting method which
distributes all costs of IT to users as accurately
as possible, based on actual costs and usage
 Although accurate allocation sounds desirable in
principle, it can create problems in practice.The
most accurate measures of use may reflect
technological factors that are totally
incomprehensible to the user.
Goals of Charge-back Systems

 Ease in administration  cost effective

 Easily understood by customers
 Simpleparameters make the charging
process easy to administer
 Equitable distribution of costs
 Promote effective use of IT resources
 Provideincentives towards newer
Methods for handling IT cost
Profit Center

 An organizational unit or department

designated as a separate entity for the
purpose of revenue generation and
cost collection with decision-making
 It is like a business within a business.
Therefore, has its own revenue/profit
targets and expenses.
 IT recovers its’ costs and expenses by
charging the clients-> Can develop
profits or losses on its operations

 Platform
for education- Promote business
 Usersand IT managers gain exposure to
financial consequences of otherwise
hidden issues.
 Provide benchmarks and comparisons
 Helps measure IT effectiveness
 Improves financial management
 Real costs helps in SLA negotiations, to
make develop/buy decisions of
application portfolio

 Administrative overheads
 Not necessarily improve overall
 Internal competition, internal friction
 Profit itself can be a problem
Cost center

 These are divisions that add to the cost

of the organization, but only adds
indirectly to the profit of the

 Forexample: R & D, marketing,

customer service.
 Promotes intensely interactive planning and
budgeting by IT providers and client.
 Due to budget mismatches, the planning
process will be iterative.
 In the ideal situation:
 IT budget = Client’s budget for IT services.

 But in actual practice variances will exists.

 Variances can be handled by:
 Carrying the variance at a higher level
 Distributing profit/loss to clients
 Adjusting rates
Relationship to Client Behavior

 To promote IT use or new technology adoption,

firm can increase IT funding but bare the cost at
corporate level
 As the firm mature in IT use, cost-center approach
can be used to improve the effective use of IT
 Mature sophisticated firms with attractive IT assets
can adopt profit-centers approach and sell the
services outside
Controls and Information
Why are computerized systems more
vulnerable than manual systems?

Complex IS cannot be replicated

No visible changes
Procedures are invisible -> not easily
understood or audited
Easy to abuse
Effect of disaster can be more
extensive than in a manual system
Accessible by many individuals
Easy access -> difficult to control
Online systems are even more difficult
to control
Threats to Information Systems
Hardware, software failures.

Personal actions, user errors.

Terminal access penetration, theft of

data, services and equipment.

Electric problems, Fire and other disaster


Telecommunication problems
New threats

Risk of the Web

Confidential information (credit card
numbers) could be intercepted
Computer Viruses and Worms
Creating a Control Environment

Controls: all methods, policies and

organization procedures that ensure
the safety of the organization’s assets,
accuracy and reliability of its records
and operational adherence to
management standards.
Systems are controlled by:
General controls
Application controls
General Controls

Those that control:

The design, security and use of computer
programs and
Security of data files throughout the
Consists of a combination of system
S/W and manual procedures.

Ensures the effective operation of all

programmed procedures throughout the
General controls are classified as:
Implementation controls
Software controls
Hardware controls
Computer operations controls
Data security controls
Administrative controls
Implementation controls
Examine the system development
process at various points to ensure
that the process is well managed and
Use of formal review points to approve
or disapprove system implementation
Establish system feasibility
Documentation of the system
Software controls
Ensures the security and reliability of
Monitors the use of software and
prevents unauthorized access to S/W
Hardware Controls
Ensures the physical security and correct
performance of H/W.
Equipment can be physically secured by:
Restricting access
Protecting from adverse environmental factors
Provision of emergency backups
Use of mechanisms to check H/W malfunction etc.
Computer Operations Controls
Ensures that the programmed procedures
are consistently and correctly applied.

Controls can be applied to:

Computer operations, backup and recovery
procedures, storage, processing of data etc.

Instructions should be fully documented,

reviewed and approved by a responsible
Data File Security Controls
Ensures data files are not subject to
unauthorized access, change or
Data can be protected by:
Restrict access to computer terminals
Use of passwords
Restrictions to files etc.
Administrative controls
Formalized standards, rules, procedures
and disciplines to ensure that the controls
are executed and enforced.
Administrative controls include:
Segregation of functions
Written policies/procedures
Application Controls
Specific controls unique to each computerized
All transactions must be entered/recorded.
Data must be accurately captured /recorded
Application controls are classified as:
Input controls
Processing controls
Output controls
Input Controls
To check data for accuracy and
completeness when data is entered.
Input controls can be for:
Input authorization, data conversions,
data editing etc.
Processing Controls
Routines for establishing that data
are complete and accurate during
Eg: Run control totals, edit checks
Output Controls
Ensures that the results of computer
processing are accurate, complete and
properly distributed.
Eg: Balance O/P with processed and
I/P, audits of output reports,
specifications of output recipients.
University College Dublin
An Cotaiste Ollscoile, Baile Atha Cliath



Management Of Information Systems
MIS 2721

Professor Lucas Introna

Professor Andrew Deegan
Ms. Gangani Wickramasinghe *

Time Allowed: 3 hours

Instructions for Candidates

Answer any FIVE questions

All questions carry equal marks

1. Explain the characteristics that distinguish a Strategic Information System (SIS)
from other kinds of systems? Discuss with examples, the different strategic thrusts
an organization could pursue. How can critical success factors of an organization
be used to determine Information Systems opportunities?

2 . What is Strategic Management? Discuss the main elements of a strategy document

with suitable examples: Explain the main types of strategies developed by an
organization. Why is strategy maintenance important?

3. Discuss the elements of a n IT organization's planning model with suitable

examples. How can the Critical Success Facto rs (CSF) approach be used for IT
planning? For what type of company is thi s method of planning useful? Explain
the relationship between strategic and tactical plans. How are operational plans
related to tactical plans?

4. Today, Outsourcing has become a popular deve lopment choice for organizations.
Analyze the pros and cons of outsourcing contracts by an organization . What are
the possible risks an organization may face by using purchased applications?
What are its advantages?

5. What is Change Management? Explain, as an IT Manager how you would carry

out the change management process in your organization. What are the benefits
of adopting such a formal approach? How is a Service Level Agreement (SLA)
rel ated to change management?

6. " Computer systems more vulnerable to destruction, fraud, error and abuse as
compared to manual systems". Comment. As an IT Manager, explain how
General and Application controls can help you to protect IT assets from theft,
damage and misuse?

7. What are the objectives of resource accountability? What are the disadvantages of
an IT cost recovery process? What alternatives can IT Managers use to charge for
application development? What are the characteristics of each method?

f University College Dublin
An Col;iiste Ollscoile. Baile Atha Cliath


Bachelor of Science (Sri Lanka) BSc 11

Management of Information Systems


Dr. Lucas Introna

Professor And rew Deegan

Ms. G. Wickramasinghe*

Time Allowed: THREE (3) hours

Instructions for Candidates:

Answer any FIVE (5) questions

© UCD 2007/08/Modular Page 1 of 3

1. Differentiate between the characteristics of a Strategic Information System
(SIS) and an Information System at the strategic level. Discuss Porter's
model of forces governing competition, taking any industry of your choice as
an example. How can critical success factors of an organization be used to
determine Information Systems opportunities?

2. Explain the purpose of developing functional strategies. How are functional

strategies related to a company's business strategy? What are the main
ingredients a strategy statement must cover? Explain with suitable examples.
What role does an environmental assessment play in formulating strategies?

3. What is an Operational Plan? How is an Operational plan related to a

Tactical plan? ABC Ltd has not updated its IT plans for the past few years.
The IT manager has asked your help in initiating an IT planning process.
What advice would you offer to develop a good IT plan? Discuss with suitable
examples. How can Stages of Growth approach be used in IT planning? For
what type of company is this method of planning useful?

4. Discuss the main steps in an Application Project Management process.

Discuss in detail the following software development methodologies and
tools. Analyze the advantages and drawbacks of each method.

a. Object-Oriented Software Development.

b. Rapid Application Development (RAD).

c. CASE tools.

5. What are the other software development alternatives an organization can

pursue other than developing in-house? Discuss the advantages and
drawbacks of two such alternatives. What types of systems are most suitable
for outsourcing? Explain with examples

© UCD 2007/0S/Modular Page 2 of 3

6. What is the purpose of a Service Level Agreement (SLA)? Discuss the
relationship between the disciplines of Problem, Change and Recovery
Management and a Service Level Agreement. Explain the main steps in an
effective Problem Management process. What are the benefits of having
such a systematic approach to handle problems?

7. What are General Controls and Application Controls? As an IT Manager,

explain how General Controls will help you to protect your organization 's IT
assets. "The accuracy of a cost-recovery system is not very important to an
IT Manager". Comment on this statement. Compare and contrast Profit-center
and Cost-center methods for recovering IT costs.


© UCD 2007/08/Modular Page 3 of 3

University College Dublin
An CoUiiste otlscoile. Bilile Atha Cliath




Management of Information Systems

Professor Lucas Introna

Professor Andrew Deegan
Mrs. G. Wickckramasignhe •

Time Allowed: 3 hours

Instructions for Candidates:

Answer FIVE (5) questions

All questions carry equal marks

1. "Information and Information Systems have become increasingly important with the
transformation of Industrial Economies". Comment on this statement. What are the main
characteristics of a Strategic Information System? Discuss with examples how "Innovation"
can be used as a competitive move by an organization. Explain the term "Critical Success
Factor". How can organizatious use critical success factors to determine InfOlmation Systems

2. Explain the terms "Strategy" and "Strategic Managemenf'. Explain the purpose of developing
stand-alone strategies. Why is it important to analyze the environment in order to formulate
strategies? Discuss according to Porter's Model how "new entrants" can affect an organization in
a competitive environment. Consider any industry of your choice as an example.

3. What is an Operational Plan? How is it different from a Strategic Plan? Discuss the main
considerations that smTOund system operations planning? What role does "technology" play in
planning for the IT division? Explain how critical success factors of an organization are used in
IT planning. For what type of organization is this method more suitable?

4. Explain with suitable examples the various software development difficulties related to an
organization or its management. Discuss the essential areas that need to be addressed in
developing a Business Case in software project management. Explain the main objectives of a
Phase Review in Software development. What are the areas a Project Manager must consider as
sources of risk in a project?

5. Discuss in detail the fullowing software development methodologies. Analyze the advantages and
drawbacks of each method.
a. Object..()riented Software Development (OOSD).
b. Test Driven Development (TDD).
What are the other development alternatives available for an organization, other than developing
in-house? Discuss the advantages of one such alternative. What type of system is most suitable to
purchase? Explain with examples.

@ UCD 2008J09IModuiar
Page 2 013
6. ''A Service Level Agreement reduces coriflicts between the client and the service provider and
places IT services on a more business-like basis ". Comment on this statement. Explain the
contents of a Service Level Agreement. What is Recovery Management? How is Contingency
Planning related to Recovery Management? Discuss the main considerations that snrround
Contingency Planning.

7. "A well designed cost recovery system improves IT's effectiveness". Comment on this statement.
What are the objectives of resource accountability? Explain the goals of an IT chargeback
system. Discuss the characteristics of a profit center method and cost center method of IT cost


@UCD 2008AJ9lModular Page 3 of 3