Module I o Internet based e-business and e-commerce systems: Web enabled enterprise

Definition: An information system is a set of interrelated elements or components, and global e-business operations and electronic commerce on the internet,
that collect (input), manipulate (process), and disseminate (output) data and intranets, extranets, and other networks.
information and provide feedback mechanism to meet desired objectives. Types of Information System: Conceptually the applications of information
Characteristics of Information: Information should be Accurate, Complete, systems that are implemented in today’s business world can be classified in several
Economical, Flexible/ Versatile, Reliable, Relevant, Timely, Verifiable, different ways. Several types information systems can be classified as either
Accessible, and Secure. operations or management information systems.
System Performance & Standards: System performance can be measured in  Operations Support System: Information systems have always been needed to
various ways. Variances from standards are determinants of system performance. process data generated by and used in, business operations. Such operations
Achieving system performance standards may also require a tradeoff in terms of support systems produce a variety of information products for internal and
cost, control and efficiency. external use. However they do not emphasize producing the specific
 Efficiency: Is a measure of what is produced divided by what is consumed. It information products that can best be used by managers. The role of a business
can range from 0 to 100%. firm’s operations support system is to efficiently process business transactions,
 Effectiveness: Is a measure of the extent to which a system achieves its goals. It control industrial processes, support enterprise communications and
can be computed by dividing the goals actually by the total of the stated goals. collaborations and update corporate databases.
Roles of IS in Business: There are three fundamental reasons for all business  Transaction Processing Systems: Are an important example of operations
applications of information technology. They are found in the three vital roles that support system that record and process data resulting from business
information system can perform for a business enterprise. transactions.
 Support of its business processes and operations.  Process Control Systems: Monitors and controls physical processes. They
 Support of decision making by its employees and managers. enhance team and workgroup communications and productivity, and include
 Support of its strategies for competitive advantage. applications that are sometimes called as office automation systems.
Trends in IS: The business applications of information systems have expanded  Management Support Systems: When information systems applications
significantly over the years. focus on providing information and support for effective decision making by
 Data Processing (1950s – 1960s): Electronic data processing systems which managers, they are called management support systems. Providing information
includes transaction processing, record keeping, and traditional accounting and support for decision making by all types of managers and business
applications. professionals is a complex task. Conceptually, several major types of
 Management Reporting (1960s – 1970s): Management information systems management support system includes:
that include preparation of management reports of pre specified information to  Management Information System: MIS provides information in the form
support decision making. of reports and displays to managers and many business professionals.
 Decision Support (1970s – 1980s): Decision support systems include interactive  Decision Support System: DSS give direct computer support to managers
ad hoc support of managerial decision making process. during the decision making process.
 Strategic and End User Support (1980s – 1990s):  Executive Information System: EIS provide critical information from a
o End user computing systems: Direct computing support for end user wide variety of internal and external sources easy to use touch screen
productivity and work group collaboration. terminals to instantly view text and groups display that highlights key areas
o Executive information systems: Critical information for top management. of organizational and competitive performance.
o Expert Systems: Knowledge based expert advice for end users. Information System Resources: An information system consists of five major
o Strategic Information Systems: Strategic products and services for competitive resources: people, hardware, software, data and networks.
advantage.
 Electronic Business and Commerce (1990s – 2000s):
• People Resources: People are an essential ingredient for the successful information products include messages, reports, forms and graphic images,
operation of all information system. The people resources include end users and which may be provided by video displays, audio responses, paper products and
IS specialists. multimedia.
• Hardware Resources: The concept of hardware resources include all physical  Storing: Storage is the basic system component of information system. Storage
devices and materials used in information processing. Specifically, it includes is the information system activity in which data and information are retained in
not only machines, such as computers and other equipment, but also all data an organized manner for later use. This facilitates their later use in processing
media, from sheets of paper to magnetic or optical disks. or retrieval as outputs when needed by users of a system.
• Software Resources: The concept of software resources includes all sets of  Controlling: An important information system activity is the control of system
information processing instructions. This generic concept of software includes performance. An information system should produce feedback about its input,
not only the set of operating instructions called programs, which direct and processing, output, and storage activities. The feedback must be monitored and
control computer hardware, but also the sets of information processing evaluated to determine if the system is meeting established performance
instructions called procedures that people need. standards.
• Data Resources: Data are more than raw materials of information system. The Developing IS Solutions:
concept of data resources has been broadened by managers of information Developing successful information systems solutions to business problems is a
systems professionals. They realize that data constitute valuable organizational major challenge for business managers and professionals today. Most computer
resources. Thus data is viewed as an important resource that must be managed based information systems are conceived, designed, and implemented using some
effectively to benefit the end users in an organization. form of systematic development process. Using the systems approach to develop
information system solutions can be viewed as a multi step process called the
• Network Resources: Telecommunications technologies and networks like the
information systems development cycle, also known as the system development
internet, intranet and extranet are essential to the successful electronic business.
life cycle (SDLC). What goes on in each stage of this process, which includes the
Telecommunications networks consist of computers, communications
steps of
processors and other devices interconnected by communication media and
controlled by communications software.  Project Initiation: Somebody needs to start the project. Usually it is a manager
IS Activities: The basic information processing activities that occur in information outside the IS organization who has a problem or sees an opportunity related to
system includes. the area where he are she works. A formal planning process also may identify
new systems that can help the organization meet its objectives. Sometimes the IS
 Inputting: Data about business transactions and other events must be captured
group initiates the projects that will improve its own operations or deal with
and prepared for processing by the input activity. Input typically takes the form
common problems among the user areas.
of data entry activities such as recording and editing. End users typically enter
data directly into a computer system, or record about transactions on some type  System Analysis & Feasibility Study: Once the project is initiated, the system
of physical medium such as a paper form. This usually includes a variety of analysis phase begins. System analysis refers to the investigation of existing
editing activities to ensure that they have recorded data correctly. Once situation. Some of the major activities include isolating the symptoms of the
recorded data may be transferred onto a machine readable medium such as a problem and determining its cause. Other activities are the identification of
magnetic disk until needed for processing. business process and their interrelations and the flow of information related to
these process. System analysis aims at providing a through understanding of the
 Processing: Data are typically subjected to processing activities such as
existing organization, its operation, and the situation relevant to the system.
calculating, comparing, sorting, classifying and summarizing. These activities
organize, analyze, and manipulate data, thus converting them into information  Logical Analysis & Design: at this point analysts determine two major aspects
for end users. The quality of any data stored in an information system must also of the system.
be maintained by a continual process of correcting and updating activities. o What it needs to do
 Outputting: Information in various forms is transmitted to end users and make o How it will accomplish these functions.
available to them in the output activity. The goal of information system is the The analyst identifies information requirements and specifies processes and
production of appropriate information products for end users. Common generic IS function such as input, output and storage rather than writing
 programs or identifying hardware. The analysts often use modeling tools such as DBMS is a collection of interrelated data and a set of programs to access those
DFDs, ERDs, to represent logical processes and data relationships. Logical data. The primary goal of a DBMS is to provide a way to store and retrieve
design is followed by physical design, which translates the abstract logical database information that is both convenient and efficient. Database systems is a
model into specific technical design for new systems. computerized record keeping system which provides mechanisms for the safety of
 Acquisition or Development: IS personnel use the specifications suggested in the stored information from data corruption and unauthorized access.
logical and physical design to purchase the hardware and software required for DBMS Architecture: The ANSI/SPARC architecture is divided into three levels,
system and then to configure it as needed. Programmers write programs for parts known as the internal, conceptual and external level.
of the system where commercial sources are not appropriate. Technical writers  Internal Level: This is also known as the physical level is the one closest to the
develop documentation and training materials. IS personnel test the system for physical storage – i.e. it is the one concerned with the way the data is physically
bugs and system performance before they are finally implemented. stored.
 Implementation: Implementing the system requires a careful plan, to avoid  External Level: This is also known as the user logical level is the one closest to
problems that could lead to resistance. Here the user needs training in the the users – it is the one concerned with the way the data is seen by individual
mechanics of the system, to reduce frustration and productivity loss during the users.
transition period. In most cases implementing a new system requires a  Conceptual Level: This is also known as the community logical level, or
conversion from a previous system. Approaches to conversion include: sometimes just the logical level, unqualified is a level of indirection between the
o Parallel Conversion other two.
o Direct cutover Working Principle: The DBMS is a software that handles all access to the
o Pilot Conversion database. Conceptually what happens is the following:
o Phased Conversion • A user issues an access request, using some particular data sublanguage typically
 Operation: After a successful conversion, the system will operate for indefinite SQL)
period of time, until the system is no longer adequate or unnecessary, or cost The DBMS intercepts that request and analyzes it.
effective. • The DBMS inspects, in turn, the external schema for that user, the corresponding
 Post Audit Evaluation: an organization should evaluate all its larger systems external/conceptual mapping, the conceptual schema, the conceptual/internal
projects after their completion. If the implementation was successful, an audit mapping, and the storage structure definition.
should occur after the system operations have stabilized. If the project failed, the • The DBMS executes the necessary operations on the stored database.
audit should be done as soon as possible after the failure.Post audit evalution Data Models: Underlying the structure of a database is the data model, a
provides a platform to compare the standards with the actuals and helps analyst collection of conceptual tools for describing data, data relationships, data
make better estimates on future projects. semantics, and consistency constraints. A data model provides a way to describe
 Maintenance: every system needs two kinds of maintenance. Bugs are more the design of a database at the physical, logical and view level. The data models
frequent in the beginning, but problems can appear even years later. In addition can be classified in four different categories.
programmers need to update systems to accommodate changes in the • Relational Model: The relational model uses a collection of tables to represent
environment Regardless of type, maintenance is expensive, accounting for up to both data and the relationships among those data.
80% organizational IS budgets. Therefore it is important that the design and • Entity Relationship Model: The entity relationship model is based on a
development stages produce systems that include in its initial versions all perception of a real world that consists of a collection of basic objects called
required functionality. entities and of relationship among these objects.
• The Object Oriented Data Model: This is another data model, which can be
seen as an extension of E-R model with notations of encapsulation, methods, and
Module II object identity. The object relational data model combines features object
Database Management System: oriented data models and relational model.
• Semi structured Data Model: The semi structured data model permits the  Concurrent Access: For the sake of overall performance and faster response
specification of data where individual data items of same type may have time many systems uses multiple users to update the data simultaneously. In
different set of attributes. The Extended Markup Language (XML) is widely such environment interactions of concurrent updates may result in data
used to represent semi structured data. inconsistency. DBMS guards against this possibility by maintaining some form
Database Languages: A database system provides a data-definition language to of supervision into such applications.
specify the database schema and a data-manipulation language to express database  Atomicity Problems: A computer system like any other mechanical device is
queries and updates. In practice, the data definition and data manipulation subject to failure. In many applications it is crucial that if a failure occurs the
languages are not separate languages, instead they simply form parts of a single data is restored to the consistent state that existed prior to the failure. DBMS
language, such as the widely used SQL language. takes care of such problems by making the transactions atomic – it must happen
Database Design: Database systems are designed to manage large bodies of in entirety or not at all.
information. Database design mainly involves the design of database schema. The  Data Integrity: Data integrity refers to ensuring data in database is accurate.
design of a complete database application environment that meets the needs of the This is ensured through enforcing various integrity constraints during the time of
enterprise being modeled requires attention to a broader set of issues. creation of data structure.
Benefits of a Database Systems: Database systems arose in response to early
 Better Interaction with Users: In case of DBMS the availability of up-to-date
methods of computerized management of commercial data. The typical file
information improves and makes it easy to respond to unforeseen information
processing systems is supported by conventional operating system. Using the
request. Centralizing the data in database allows users to obtain new and
database approach has the following benefits over the traditional file processing
combined information.
approach.
Efficient System: in DBMS the contents of stored data can be changed easily and
 Data Redundancy: This refers to duplication of data. In non database system do not have any impact on the application programs. Initial cost of DBMS may
each application with own separate files often lead to redundancy in store data be high but overall costs is less compared to conventional system.
which results in wastage of space. Database systems does not maintain separate Systems Vulnerability:
copies of the same data. All the data kept in one place and various application Information systems are made up of many components that may be in several
refer from this centrally controlled system. locations. Thus, each information system is vulnerable to many potential hazards.
 Data Inconsistency: Database is said to be inconsistent when contradictory The vulnerability of information system is increasing as we move to a world of
information will be supplied to the users. DBMS ensures the database is always networked computing. Theoretically, there are hundreds of points in a corporate
consistent by ensuring that any change made to either of the two or more entities information system that can be subject some threat. These threats can be classified
is automatically applied to the other one also. This process is also known as as unintentional or intentional.
propagating update. • Unintentional Threats: These are divided into three major categories – human
 Sharing of Data: Sharing of data allows the existing application to use the data errors, environmental hazards and computer system failures
by multiple users of the database system. Due to shared data it is possible to • Human Error: Errors can occur in the design of the hardware and/or
satisfy the data requirement of new applications without creation of additional information systems. They can also occur in the programming, testing, data
stored data or marginal modification. collection, data entry, authorization, and instructions. Human errors
 Enforcement of Standards: DBMS uses standard measures in naming, contribute to the vast majority control – and security related problems in
formatting and structuring while creating and using data within the organization. many organizations.
This ensures easier enforcement of data usage particularly in migrating and • Environmental Hazards: This includes earthquakes, hurricanes, severe
interpreting data between two different systems. snow, sand storms, floods, tornadoes, power failures or strong fluctuations,
 Data Security: To ensure security DBMS provides security tools such as user fires, defective air conditioning, explosives, radio active fallout and water
codes and passwords so that data security checks can be carried out whenever cooling system failures.
access is attempted to sensitive data.
 • Computer System Failures: This can be result of poor manufacturing of  Programming Techniques: Computer criminals also use programming
defective materials. Unintentional malfunction can happen for other reasons techniques to modify a computer program, either directly or indirectly. For this
ranging from lack of experience to incompatibility of software. crime, programming skills and knowledge of the targeted systems are essential.
• Intentional Threats: Computer system may be damaged as a result of  Viruses: The most common publicized attack method, the virus receives its
intentional actions. Here are some examples. name from the programs ability to attach itself to other computer programs
• Theft of Data causing them to become virus themselves. When a virus is attached to a
• Inappropriate use of data legitimate software program, the program becomes infected without the owner of
• Theft of mainframe computer crime program being aware of the infection. Therefore, when the software is used, the
• Theft of equipment and/or programs virus spreads, causing damage to that program and possibly to others. Thus, the
legitimate software is acting as a Trojan horse.
• Deliberate manipulation in handling, entering, processing, transferring or
Security Challenges:
programming data.
Knowing about major potential threats to information systems is important, but
• Labor strikes, riots or sabotage.
understanding ways to defend against these threats is equally critical. Defending
• Malicious damage to computer resources information systems is not a simple or inexpensive task for the following reasons.
• Destruction from viruses and similar attacks. • Hundreds of potential threats exist
• Miscellaneous computer abuses and crimes. • Computing resources may be situated in many locations.
Computer Crimes: According to CSI 64% of all corporations experienced
• Many individuals control information assets.
computer crimes in 1997. The number, magnitude and diversity of computer
• Computer networks can be outside the organization and difficult to protect
crimes and abuse are increasing rapidly. Lately increased fraud related to the
Internet and electronic commerce is in evidence. • Rapid technological changes make some controls obsolete as soon as they are
Types of Computer Crimes: In many ways, computer crimes resemble installed.
conventional crimes. They can occur in four ways. • Many computer crimes are undetected for a long period of time so it is difficult
• First, the computer can be target of the crime. to learn from experiences.
• Second, the computer can be the medium of the attack by creating an • People tend to violate security procedures because the procedures are
environment in which a crime or fraud can occur. inconvenient.
• Third, the computer can be the tool by which a crime is perpetrated. • Many computer criminals who are caught go unpunished, so there is no deterrent
effect.
• Forth, the computer can be used to intimidate or deceive.
Computer Criminals: Crimes can be performed by outsiders who penetrate a • The amount of computer knowledge necessary to commit computer crime is
computer system frequently via communication lines or by insiders who are minimal and one can learn hacking for free in the internet.
authorized to use the computer system but are misusing their authorizations. • The cost of preventing hazards can be very high. Therefore most organizations
• Hacker: is the term often used to describe outside people who penetrate a simply cannot afford to protect against most possible hazards.
computer system. • It is difficult to conduct a cost benefit justification for controls since it is difficult
• A cracker is a malicious hacker who may represent a serious problem for a to assess the value of hypothetical attacks.
corporation. Protecting Information Systems: Protection of IT is accomplished by inserting
Methods of Attack: Two basic approaches are used in deliberate attacks on controls – defense mechanisms – intended to prevent accidental hazards, deter
computer systems: data tampering and programming techniques. intentional acts, detect problems as early as possible, enhance damage recovery
and correct problems.
 Data Tampering (Data Diddling): This is the most common approach and is
Defense Strategies: The selection of a specific strategy depends on the objectives
often used by the insiders. It refers to entering, false, fabricated data into the
of the defense and on the perceived cost benefit.
computer or changing or deleting existing data.
  Controls for Prevention: Properly designed controls may prevent errors from  Data Security Controls: Data security is concerned with protecting data from
occurring, deter criminals from attacking the system, and better yet, deny access the accidental disclosure to unauthorized persons or from unauthorized
to understand people. modification or destruction. Data security functions are implemented through
 Detection: It may not be economically feasible to prevent all hazards and operating systems, security access control programs, database or data
deterring measures may not work. Therefore, unprotected systems are vulnerable communication products recommended backup/recovery procedures, application
to attacks. Like a fire the earlier it is detected the better it is to combat. programs and external control procedures.
 Limitation: This means to minimize losses once a malfunction has occurred.  Communication/Network Controls: Network is becoming extremely important
This can be accomplished by including a fault tolerant system that permits as the use of internet/intranet and ecommerce increases.
operations in a degraded mode until full recovery is made. o Encryption: Encryption encodes regular digitized text into unreadable
 Recovery: A recovery plan explains how to fix a damaged information systems scrambled text or numbers to be decoded upon receipt. Encryption
as quickly as possible. Replacing rather than repairing components is one route accomplishes three purposes.
to fast recovery. • Identification: (helps identify legitimate senders and receivers)
 Correction: Correcting damaged systems can prevent the problem from • Control: (prevents changing a transaction or message) and
occurring again. • Privacy (impedes eavesdropping).
Information System Controls: They can be divided into two major categories – • Firewalls: A firewall is a system or a group of systems that enforces an access
general system controls and application controls. control policy between two networks. It is commonly used as a barrier
General Controls: These are used to protect the systems regardless of specific between the secure corporate intranet or other internal networks and the
applications. The major categories of general controls are as under: internet which is assumed to be unsecured.
 Physical Controls: Appropriate physical security may include several Firewalls are used to implement control access policies. The firewalls follows
controls such as the following: strict guidelines that either permits or blocks traffic, therefore, a successful
• Appropriate design of data center. firewall is designed with clear and specific rules about what can pass through.
• Shielding against electromagnetic fields. Several firewalls may exist in one information system.
• Good fire prevention, detection and extinguishing system, including  Administrative Controls: Administrative controls deal with issuing guidelines
sprinkler system, water pumps, adequate drainage facilities. A better and monitoring compliance with the guidelines. Representative examples of such
solution is fire-enveloping system. controls include the following:
• Emergency power shutoff and backup batteries, which must be maintained Appropriately selecting, training and supervising people
in operational condition. Fostering company loyalty
• Properly designed, maintained and operated air conditioning system. • Immediately revoking access privileges of dismissed, resigned or transferred
• Motion detector alarms to detect physical intrusion. employees.
 Access control: Access control is the restriction of unauthorized user access to a • Requiring periodic modification of access controls
portion of a computer system or to the entire system. To gain access, a user must • Developing programming and documentation standards
be authorized. Then when the user attempts to gain access he or she must be • Instituting separation of duties
authenticated. User identification can be accomplished when the following • Holding periodic & random audits of the system.
identifies each user. Module III
• Something only the user knows such as a password Transaction Processing Systems:
• Something only the user has such as a smartcard In every organization there are major business processes that provides the mission
• Something only the user is such as signature, voice, fingerprint, or retinal critical activities. Business transactions occurs when a company produces a
scan, iris scan, DNA code implemented via biometric control product or provides a service. An Information System that supports transaction
processing is called the Transaction Processing System.
 Need for TPS:  To assure accuracy and integrity of data
 Large amounts of data can be processed.  To safeguard assets and security of information.
 The sources of data are mainly internal and the output is intended mainly for Activities: Regardless of the specific data processed by a TPS, a fairly standard
internal audience. process occurs, whether in a manufacturer, in a service firm, or in a govt.
o This characteristic is changing since trading partners may organization. First data is collected by people or sensors and entered into the
contribute data and be permitted to use TPS output directly. computer via any input device. Generally speaking organizations try to automate
 The TPS provides information on a regular basis. the TPS data entry as much as possible because of large volume. Next the system
 Large storage (database) capacity is required. processes data in one of the two basic ways.
 High processing speed is needed due to high volume.  Batch Processing: In batch processing the firm collects transaction as they
 TPS basically monitors and collects past data. occur, placing them into groups or batches. The system then prepares and
 Input and Output are structured. processes the batches periodically.
o Since the processed data are fairly stable, they are formatted in a  Online Processing: In online processing, data are processed as soon as a
standard fashion. transaction occurs.
 High level of detail is usually observed, especially in input data often in output Tactical Tasks: Transaction processing exists in all functional areas. However it
as well. has major impact in accounting and finance areas. The major components of a TPS
 Low computation complexity (simple mathematical/statistical) is usually evident and its processes are the following.
in TPS.  Order Processing
 A high level of accuracy, data integrity, and security is needed.  The Ledger
o Sensitive issues such as privacy of personal data are strongly related in TPS.  Accounts Payable and Receivable
 High reliability is required.  Receiving & Shipping
o TPS can be viewed as lifeblood of the organization. Interruption in the  Inventory on Hand
flow of TPS data can be fatal to the organization.  Fixed Asset Management
 Inquiry Processing is a must.  Payroll
o TPS enables users to query files and databases (even online and real time)  Personal Files & Skills Inventory
Characteristics: TPS is the backbone of the organizations information system.  Government Reports
TPS does the following for all routine core business transactions. An organization  Periodic Reports & Statements.
may have one integrated TPS or several, one for each specific business processes.
 Monitors Decision Support System:
 Collects The concepts involved in DSS were first articulated in the early 1970s in the early
 Stores 1970s by Scott Morton. He defined such system as interactive computer based
 Processes system, which makes decision makers utilize data and models to solve
unstructured problems.
 Disseminates information.
DSS like the term MIS and MSS, means different things to different people. DSS
Objectives: To provide all information needed by law and/or organizational
can be viewed as an approach or a philosophy rather than a precise methodology.
policies to keep the business running and efficiently. The key objectives of a
Need for DSS:
traditional TPS are as under:
 Most companies now operate in unstable economy.
 To allow effective operation of organization
 Most organization now faces increasing foreign and domestic competition.
 To provide timely documents and reports
 Tracking the numerous business operation are becoming increasingly
 To increase the competitive advantage of the corporation.
difficult.
 To provide the necessary data for tactical and strategic systems.
  Companies existing computer system did not support the objectives of  Knowledge Management: This subsystem can support any of the other
increasing efficiency, profitability, and entry into profitability markets. subsystems or act as an independent component, providing knowledge for the
 The IS department could not begin to address the diversity of the solution of the specific problem.
company’s needs or management inquiries. The components are put together for DSS either
 Business analysis functions were not present within the existing system.  by programming them from scratch
Other reasons for using DSS that were found in surveys are:  by gluing together existing components
 Accurate information is needed.  or by using comprehensive tools called DSS generators.
 DSS is viewed as a organizational leader. End user constructed DSSs are built with integrated tools, such as Excel or Lotus 1
 New information is needed. 2 3, which include spreadsheets, graphics, and database management systems.
 Management mandated the DSS Data Management Subsystem: The data management subsystem is similar to any
 Timely information is provided other data management system. The necessary data can flow from several sources
 Cost reduction is achieved. and are extracted prior to their entry to a DSS database. In some DSS there is no
Characteristics and Capabilities: separate DSS database, and data are entered into the DSS as needed. In many DSS
applications, data come from a data warehouse. A data warehouse includes DSS
• A DSS provides support for decision makers at all management levels,
relevant data extracted from different sources and organized as a relational
whether individual or groups, mainly in semistructured and unstructured
database.
situations by bringing together human judgments and computerized
information.
• A DSS supports several interdependent and/or sequential decisions.
• A DSS supports all phases of the decision making process – intelligence,
design, choice, and implementation.
• Supports variety of decision making processes and styles.
• A DSS is adaptable by the user over time to deal with changing condition.
• A DSS is easy to communicate and use.
• A DSS promotes learning, which leads to new demands and refinement of
application, which leads to additional learning and so forth.
• A DSS usually utilizes models (standard and/or custom made)
• A DSS allows the easy execution of sensitivity analysis.
Structure and Components: Every DSS consists of at least data management,
user interface, and model management components. Model Management Subsystem: The model base contains all the models and the
 Data Management Subsystem: Data management includes the database(s) model building blocks used to develop applications to run the systems. The major
which contains relevant data for the situation, managed by database functions of MBMS include:
management system (DBMS). • Creates models easily and quickly, either from scratch, from exciting models
 User Interface Subsystem: This component is other wise known as human – or from building blocks.
machine communication) subsystem. The user can communicate with and • Allows users to manipulate models so they conduct experiments and
command the DSS through this subsystem. sensitivity analysis.
 Model Management: This includes software with financial, statistical, • Stores and manage a wide variety of different types of models in a logical and
management science, or other quantitative models that provide the systems integrated manner.
analytical capabilities and an appropriate software management program to • Access and integrates the model building blocks
manage the models. • Catalogs and displays the directory of models.
 • Tracks models, data, and application usage. EIS: An EIS is a computer based system that serves the information needs of top
• Interrelates models with appropriate linkage through the database executives. It provides timely information and direct access to management
• Manages and maintains the model base with management functions analogous reports. EIS is very user friendly, is supported by graphics, and provides exception
to database management. reporting and drill down capabilities. It is also connected with online information
The model management subsystem of DSS has several elements: model base; services and electronic mail.
model base management system; modeling language; model directory; and model ESS: An ESS is a comprehensive support system that goes beyond EIS to include
execution, integration, and command. analysis support, communications, office automation and intelligence.
Knowledge Management Subsystem: Many unstructured and semi structured Capabilities and Characteristics of ESS: EIS vary in their capabilities and
problems are so complex that they require expertise for their solutions. Such benefits. The following capabilities are common to most EIS.
expertise can be provided by an expert system. Therefore, the more advanced DSS • Drill Down: The capability called drill down provides details of any given
are equipped with component called knowledge management. Such a component information. In certain cases, this drill down process may continue through
can provide the required expertise for solving some aspects the problem or several layers of details. To provide this capability, the EIS may include several
knowledge that can enhance the operations of the other DSS components. thousand menus and submenus. Drill down can also be achieved by direct query
of the database, and by using a browser. Systems that use intelligent agents to
Executive Information (Support) Systems: conduct drill down and bring results to user are under development.
The majority of personal DSSs support the work of professionals and middle level • Critical Success Factor: The factors that must be considered in attaining the
managers. Organizational DSSs provide support primarily to planners, analysts, organizational goals are called critical success factors. Such factors can be
researchers or to some managers. Rarely do we see a DSS used directly by top or strategic, managerial, or operational success factors and they are mainly defined
even middle level executives. from three sources: organizational factors, industry factors. They can exist at
An executive support systems (EIS) also known as executive support systems the corporate level, as well as the division, plant and department level.
(ESS) is a technology emerging in response to managers specific needs. Sometimes it is even necessary to consider the CSF of individual employees.
Factors driving the needs for EIS: Critical success factors, once identified can be monitored, measured and
 External Factors: compared to standards.
• Increased Competition
• Rapidly changing environment CSF KPI
• Need to be more proactive Profitability Profitability measures of
• Need to access external databases each department, products,
region etc
• Increasing government regulations
Financial Financial ratios, Balance
 Internal Factors:
sheet Analysis, Cash reserve
• Need for timely information position, Rate of return on
• Need for improved communication investment.
• Need for access to operational data Marketing Market share, Advertisement
• Need for rapid status updates on different issues Analysis, Product Pricing,
• Need for increased effectiveness Sales Result, Customer sales
• Need to be able to identify historical trends potential.
• Need to access corporate databases Human Turnover rates, Skill
• Need for more accurate information Resources Analysis, Absenteeism Rate
etc.
Planning Corporate Partnership,
 Ventures, Growth/Share • Designing IT architecture for the organizations in such a way that users,
Analysis applications, and databases can be integrated and networked together.
Economic Market trends, Foreign • Efficiently allocating information systems development and operational
Analysis Exchange Values, Industry resources among competing applications.
trends, Labour cost trends. • Planning information systems projects so that they are completed on time and
Consumer Customer confidence level, within budget and include the specified functionalities.
Trend purchasing habits, A Four Stage Model of IT Planning: Several models were developed to facilitate
demographical data. IT planning. Of special interest is Wetherbe’s four stage model of planning, which
• Status Access: In the status access mode, the latest data or reports on the status is based on observation of planning efforts, promotional literature, and analysis of
of key indicators or other factors can be accessed at any time. various methodologies used in planning processes. The model consists of four
• Trend Analysis: In analyzing data, it is extremely important to identify trends. major activities: strategic planning, requirements analysis, resource allocation and
The executive likes to examine trends, especially when changes in data are project planning. These activities correspond to the four general issues of IT
detected. Trend analysis can be done using forecasting models which are planning.
included in many ESSs. • Strategic IT Planning: The first stage of the IT planning model includes several
• Ad Hoc Analysis:Executive support systems provide ad hoc analysis some what different types of activities. On the one hand it refers to identifying a
capabilities instead of merely providing access to data analysis. Executives can set of new applications – a portfolio – through which an organization will
thus use the ESS to do creative analysis on their own. They may even select the conduct its business. These applications make it possible for organizations to
programming tools to be used, the outputs, and the desired presentation of the implement its business strategies in a competitive environment. On the other
information. hand, SIP can also refer to the process of searching for strategic information
• Exception Reporting: Exception reporting is based on the concept of systems applications that enable an organization to develop a competitive
management by exception, in which an executive should give attention to advantage rather than just maintaining its position.
significant deviation from standards. Here an executives attention will be In either case, SIP must be aligned with overall organizational planning. To
directed only to cases of very good and very bad performance. This approach accomplish this alignment, the organizational must do the following.
saves considerable time for both producers and readers of reports. • Set the IT mission.
EIS Types & Issues: In recent years, the EIS has been enhanced with relation and • Access the environment.
multidimensional analysis and presentation, friendly data access, user friendly • Access existing system availabilities and capabilities
graphical interface, imaging capabilities, hypertext, internet access, emails, • Set IT objectives, strategies and policies
intranet access and modeling. These are helpful for any executive. We can • Access the potential impacts on IT.
distinguish between two types of EIS
• One designed especially to support the top executives. The output of the process should include the following:
• The other intend to serve a wider community of users. • A new or revised IT charter and assessment of the state of the ISD:
Module IV • An accurate evaluation of the strategic aspirations and directions of the
Issues in IT Planning: Improving the planning processes for information systems organization;
has long been one of the top concerns of ISD management. The society for • And a statement of the objective, strategies and policies for the IT effort.
Information Management found this to be the number one issue in surveys of
senior IS executives. It planning still represents a challenging issue for IS To carry out the above tasks there exist several methodologies; the major ones
executives. Basic information systems planning address the following four general are
issues. • Business System Planning
• Aligning the IT plan with the organizational business plan • Nolan’s Stages of IT Growth model
• Ends/Means Analysis • On the other hand the IT planning process identifies an information
• Critical Success Factors. architecture that usually requires additional funding for less critical items:
• Information Requirements Analysis:The goal of the second stage of the new projects, maintenance or upgrades of existing system, an
model, the information requirements analysis, is to ensure that the various infrastructure to support these systems and future needs.
information systems, databases, and networks can be integrated to support After setting aside funds for the above category, the organization can use
decision making and operations. the remainder of the IT budget for projects related mainly to the improved
There are several alternative approaches for conducting the requirements information architecture developed by using information requirement
analysis. analysis.
1. Define Underlying Organizational Subsystems: The first step of • Project Planning: The fourth and final stage of our model for information
requirement analysis is to identify the underlying organizational processes, system planning, project planning, provides an over all framework within
such as other fulfillment or product analysis. which specific applications can be planned, scheduled, and controlled.
2. Develop Subsystem Matrix: Once the underlying organization processes Guidelines for IT Planning:To determine how much IT planning is needed, an
are identified, the next phase of requirements analysis exercise is to relate organization should assess the extent to which each stage of IT planning has been
specific managers to organizational processes. The matrix is developed by accomplished. It can implement this assessment through a series of questions
reviewing the major decision responsibilities of each middle – to – top related to major activities and outputs in each of the stages of the four stage
manager and relating them to specific processes. planning model. After determining the IT planning needs at each stage, it can
3. Define and Evaluate Information Requirements for Organizational select appropriate methodologies.
Subsystem: In this phase of the requirements analysis managers with  Strategic Planning: In assessing the strategic planning stage, organizations need
major decision making responsibility for each process are interviewed in to answer questions such as:
groups by information requirements of each organizational process.  Is an IT mission clearly expressed in an IT charter?
4. Defining Major Information Categories and Map Interviews into  Is there a compressive assessment of the environment? Are the IT capabilities
Them: The process of defining information categories is similar to how adequately assessed? Have new opportunities been identified? Is the current
data items for individual information system are factored into entities and business environment understood? Is the current application portfolio defined
attributes. and documented? Is the ISD image healthy?
5. Developing Information/Subsystems Matrix: Mapping information  Is there a clear definition of organizational objectives and strategies? Has the
categories against organizational subsystems creates an information strategic organizational plan been reviewed? Have strategic applications been
categories by organizational process matrix. Information categories can be identified to improve strategic advantage?
accounts receivable, customers demographics or product warranties. In  Are IT policies, objectives, and strategies defined? Is the ISD structure
each cell of the matrix an importance value is inserted. appropriate for overall organization? Is the IS technology focus appropriate to
• Resource Allocation: The third stage of the model for information the technology focus of the organization? Are the objectives for allocating IT
planning consists of developing hardware, software, data communication, resources appropriate? Are the IS management process appropriate? Are the
facilities, personnel, and financial plans needed to execute the master functional capability objectives appropriate?
development plan as defined in the requirement analysis.  Requirement Analysis: To conduct an assessment of the requirement analysis
Resource allocation is a contentious process in most organizations because stage, an organization should answer the following questions.
opportunities and requests for spending far exceed the available funds. This  Is there an adequate assessment of the organizational information
can lead to intense, highly political competition between organizational units. requirements? Is the overall information architecture identified? Is there a
Funding requests from the ISD fall into two categories. good understanding of current information needs of the organization? Is there
• Some projects and infrastructure are necessary for organization to stay in a good understanding of projected information needs of the organization? Are
business. the major databases and their relationships defined?
  Is there a master IT development plan? Are IT projects well defined? Are organization? What are its key objectives? Finally with these strategies and
projects ranked by priority? Is there a multi year development schedule? objectives and the larger environment, what strategies and objectives should IS
 Resource Allocation: To assess the resource allocation stage, an organization pursue?
should answer the following questions:  Fitting the IT Architecture: Management of an organization may become
 Does the organization have resource requirement plan? Are trends identified? concerned that their IT architecture is not suited to the needs of the organization.
Is there a hardware and software plan? Is there a data management plan? Is In such a case there has likely been a failure on the part of the IT technicians to
there a data communication plan? Is there a personnel plan? Is there a facilities determine properly the requirements of the organization. Perhaps there has also
plan? Is there a financial plan? been a failure on the part of the management to understand the type and manner
 Does the organization have an adequate procedure for resource allocation? of IT architecture that they have allowed to develop or that they need.
 Project Planning: To have a complete review of IT planning processes, an  IT Architecture Planning: IT specialists versed in the technology of IT must
organization should answer the following questions in regard to project meet with business users and jointly determine the present and future needs for
planning: IT architecture. Plans should be written and published as part of the
 Is there a procedure for evaluating projects in terms of difficulty or risk? organizational strategies. Plan should also deal with training, career implications,
and other secondary infrastructure issues.
 Are projects tasks usually identified adequately?
 Are project cost estimates generally accurate?  IT Policy: IT architecture should be based on corporate guidelines or principles
laid out in policies. These policies should include the roles and responsibilities of
 Are project time estimates generally accurate?
IT professionals and users, security issues, cost benefit analysis for evaluating
 Are checkpoints defined to monitor progress of projects?
IT, and IT architectural goals. Policies should be communicated to all personnel
 Are projects generally completed on schedule? who are managing or directly affected by IT.
If an organization does not get satisfactory answers to the project planning
 Ethical & Legal Issues: Conducting interviews for finding managers needs and
questions, it should review the project planning techniques.
requirements must be done with full cooperation. Measures must be taken to
Problems with IT Planning: IT planning can be an expensive and time
protect privacy.
consuming process. A study of five large scale planning projects found that these
projects involved 10 or more employees, on half-time and full-time basis, for  IT Strategy: In planning IT, it is necessary to examine three basic strategies:
periods lasting from 10 weeks to a year. The estimated costs of the projects ranged o Be a Leader in technology: The advantages of being a leader are the ability to
from $450,000 to $1.9 million. A survey of 80 firms with formal IT planning attract customers, to provide unique services and products and to be a cost
projects found that 53% were dissatisfied with their experiences. leader. However there are high development costs of new technologies and
Managerial Issues: high probability of failures.
 Importance: Getting IT ready for future – that is, planning – is one of the most o Be a Follower: This is a risky strategy of being left behind. However, you do
challenging and difficult tasks facing all the management, including the IS not risk failures, and you implement new technologies at a fraction of the cost.
management. Each of the four steps of IT strategic planning process – setting the o Be an Experimenter: This way you minimize your research and development
mission, assessing the environment, including the organizational goals and investment and the cost of failure. Yet, if new technologies prove to be
objectives, and finally setting the IS objectives strategies and policies – presents successful you can move fairly fast for full implementation.
its own unique problems. Yet, without planning, or with poor planning, the
organization may be doomed.
 Organizing for Planning: Many issues like what should be the role of the ISD?
How should it be organized? Staffed? Funded? How should human resource
issues, such as training, benefits, and career path for IS personnel be handled?
What about the environment? The competition? The economy? Government
regulations? Emerging technologies? What is the strategic direction of the host