Final Exam Revision

Chapter 8: Securing Information Systems

8-1: Why are information systems vulnerable to destruction, error, and abuse?
8-2 What is the business value of security and control?
8-3 What are the components of an organizational framework for security and control?

Case Study: Meltdown and Spectre Haunt the World’s Computers

1. How dangerous are Spectre and Meltdown? Explain your answer.
Both of these are extremely dangerous and are unlike other forms of malware because they are
built into hardware and not software.

Nearly every computer chip manufactured in the last 20 years contains fundamental security
flaws that make it possible for attackers to obtain access to data that were thought to be
completely protected. Discovered in late 2017 the flaws arise from features built into the chips
that help them run faster. The vulnerability enables a malicious program to gain access to data
it should never be able to see.

Meltdown was so named because it “melts” security boundaries normally enforced by

hardware. By exploiting Meltdown, an attacker can use a program running on a computer to
gain access to data from all over that machine that the program shouldn’t normally be able to
see, including data belonging to other programs and data to which only administrators should
have access. Meltdown only affects specific kinds of Intel chips produced since 1995.

Spectre is not manufacturer-specific and affects nearly all modern processors. It requires more
intimate knowledge of the victim program’s inner workings. Spectre’s name comes from
speculative execution, in which a chip is able to start work on predicted future operations in
order to work faster. In this case, the system is tricked into incorrectly anticipating application
behavior. The name also suggests that Spectre will be much more difficult to neutralize. Other
attacks in the same family will no doubt be discovered, and Spectre will be haunting us for
some time.

2. Compare the threats of Spectre and Meltdown to cloud computing centers, corporate data
centers, and individual computer and smartphone users.
Spectre can harness JavaScript code on a web site to trick a web browser into revealing user
and password information. Meltdown could be exploited to view data owned by other users
and also virtual servers hosted on the same hardware, which is especially dangerous for cloud
computing host computers. The most worrisome aspect of Meltdown and Spectre is that
security vulnerabilities are not from flawed software but from the fundamental design of
hardware platforms beneath the software.

Performance of laptops, desktops, tablets, and smartphones will be less affected. The
fundamental vulnerability behind Meltdown and Spectre is at the hardware level, and thus
cannot be patched directly. Technology software vendors are only able to release software fixes
that work around the problems. Such fixes mitigate vulnerabilities by altering or disabling the
way software code makes use of speculative execution and caching features built into the
underlying hardware.

3. How would you protect against Spectre and Meltdown if you were running a public cloud
computing center, if you ran a corporate data center, and if you were an individual
computer user?
Major software vendors have rolled out workaround patches. Cloud vendors have taken
measures to patch their underlying infrastructures, with their customers expected to install the
patches for their operating systems and applications. Microsoft released operating system
patches for Windows 7 and all later versions, which also apply to Microsoft’s Internet Explorer
and Edge browsers. Apple released patched versions of its Safari browser and iOS, macOS, and
tvOS operating systems. Google provided a list of which Chromebook models will or won’t need
patches and released a patch for its Chrome browser.

Older operating systems such as Windows XP and millions of third-party low-cost Android
phones that don’t get security updates from Google will most likely never be patched.
Organizations should apply updates and patches to browser software as soon as they are
available. And since these vulnerabilities could enable attackers to steal passwords from user
device memory when running JavaScript from a web page, it is recommended that users be
instructed to always close their web browsers when not in use.

It is also recommended that enterprises should use other techniques to protect data from users
and organizations that have not applied the fixes. However, the only way to truly fix Meltdown
and Spectre is to replace affected processors. Redesigning and producing new processors and
architectures may take five to ten years to hit the market. If anything good can be said about
Spectre and Meltdown, it is that they have focused more global attention on software and
hardware security and the need to develop more robust system architectures for secure
computing.

Case Study: Management: How Secure is the Cloud?

1. What kinds of security problems does cloud computing pose? How serious are they?
Explain your answer.
Managing security and privacy for cloud services is similar to managing traditional IT
infrastructures. However, the risks may be different because some, but not all, responsibilities
shift to the cloud service provider. The category of cloud service (IaaS, PaaS, or SaaS) affects
exactly how these responsibilities are shared. For IaaS, the provider typically supplies and is
responsible for securing basic IT resources such as machines, storage systems, and networks.
The cloud services customer is typically responsible for its operating system, applications, and
corporate data placed into the cloud computing environment. This means that most of the
responsibility for securing the applications and the corporate data falls on the customer.
2. What management, organization, and technology factors are responsible for cloud
security problems? To what extent is cloud security a management issue?
Management: Although many organizations know how to manage security for their own data
center— they’re unsure of exactly what they need to do when they shift computing work to the
cloud. They need new tool sets and skill sets to manage cloud security from their end to
configure and launch cloud instances, manage identity and access controls, update security
controls to match configuration changes, and protect workloads and data.
Management should take the lead on ensuring cloud security for all data and processes
belonging to the company. Cloud security is just as important as internal IT security.
Organization: Using the public cloud disrupts traditional cybersecurity models that many
companies have built up over years. As a result, as companies make use of the public cloud,
they need to revise their cybersecurity practices in order to consume public-cloud services in a
way that enables them both to protect critical data and to fully exploit the speed and agility that
these services provide.
Technology: There’s a misconception among many IT departments that whatever happens in
the cloud is not their responsibility. It is essential to update security requirements developed for
enterprise data centers to produce requirements suitable for the use of cloud services.
Organizations using cloud services often need to apply additional controls at the user,
application, and data level.
The biggest threats to cloud data for most companies involve lack of software patching or
misconfiguration. Many organizations have been breached because they neglected to apply
software patches to newly identified security vulnerabilities when they became available or
waited too long to do so. Companies have also experienced security breaches because they did
not configure aspects of cloud security that were their responsibility. Some users forget to set
up AWS bucket password protection.
3. What steps can organizations take to make their cloud-based systems more secure?
When processing takes place in the cloud, accountability and responsibility for protection of
sensitive data still reside with the company owning that data. Understanding how the cloud
computing provider organizes its services and manages the data is critical.
Users may not know precisely where their data are being hosted. Cloud users need to confirm
that regardless of where their data are stored, they are protected at a level that meets their
corporate requirements. They should stipulate that the cloud provider store and process data in
specific jurisdictions according to the privacy rules of those jurisdictions. Cloud clients should
find how the cloud provider segregates their corporate data from those of other companies and
ask for proof that encryption mechanisms are sound. It’s also important to know how the cloud
provider will respond if a disaster strikes, whether the provider will be able to restore your data
completely, and how long this should take. Cloud users should also ask whether cloud providers
will submit to external audits and security certifications. These kinds of controls can be written
into the service level agreement (SLA) before signing with a cloud provider.
4. Should companies use the public cloud to run their mission-critical systems? Why or why
not?
Companies expect their systems to be running 24/7. Cloud providers still experience occasional
outages, but their reliability has increased to the point where a number of large companies are
using cloud services for part of their IT infrastructures. Most keep their critical systems in-house
or in private clouds.

Case Study: Is the Equifax Hack the Worst Ever – and Why?
8-13 Identify and describe the security and control weaknesses discussed in this case.
On September 7, 2017 Equifax reported that from mid-May through July 2017 hackers gained
access to some of its systems and potentially the personal information of about 143 million U.S.
consumers, including Social Security numbers and driver’s license numbers. Credit card
numbers for 209,000 consumers and personal information used in disputes for 182,000 people
were also compromised.
Equifax reported the breach to law enforcement and also hired a cybersecurity firm to
investigate. The size of the breach, importance, and quantity of personal information
compromised by this breach are considered unprecedented.
The Equifax breach was especially damaging because of the amount of sensitive personal and
financial data stored by Equifax that was stolen, and the role such data play in securing
consumers’ bank accounts, medical histories, and access to financing. In one swoop the hackers
gained access to several essential pieces of personal information that could help attackers
commit fraud.
Analyses earlier in 2017 performed by four companies that rank the security status of
companies based on publicly available information showed that Equifax was behind on basic
maintenance of web sites that could have been involved in transmitting sensitive consumer
information. Cyberrisk analysis firm Cyence rated the danger of a data breach at Equifax during
the next 12 months at 50 percent. It also found the company performed poorly when compared
with other financial-services companies. The other analyses gave Equifax a higher overall
ranking, but the company fared poorly in overall web-services security, application security, and
software patching.
A security analysis by Fair Isaac Corporation (FICO), a data analytics company focusing on credit
scoring services, found that by July 14 public-facing web sites run by Equifax had expired
certificates, errors in the chain of certificates, or other web-security issues.
8-14 What management, organization, and technology factors contributed to these problems?
Management: Competitors privately observed that Equifax did not upgrade its technological
capabilities to keep pace with its aggressive growth. Equifax appeared to be more focused on
growing data it could commercialize.
The findings of the outside security analyses appear to conflict with public declarations by
Equifax executives that cybersecurity was a top priority. Senior executives had previously said
cybersecurity was one of the fastest-growing areas of expense for the company. Equifax
executives touted Equifax’s focus on security in an investor presentation that took place weeks
after the company had discovered the attack.
Organization: Equifax bought companies with databases housing information about consumers’
employment histories, savings, and salaries, and expanded internationally. The company bought
and sold pieces of data that enabled lenders, landlords, and insurance companies to make
decisions about granting credit, hiring job seekers, and renting an apartment.
The data breach exposed Equifax to legal and financial challenges, although the regulatory
environment is likely to become more lenient under the current presidential administration. It
already is too lenient. Credit reporting bureaus such as Equifax are very lightly regulated. Given
the scale of the data compromised, the punishment for breaches is close to nonexistent.
Technology: The hack involved a known vulnerability in Apache Struts, a type of open-source
software Equifax and other companies use to build web sites. This software vulnerability was
publicly identified in March 2017, and a patch to fix it was released at that time. That means
Equifax had the information to eliminate this vulnerability two months before the breach
occurred. It did nothing.
Weaknesses in Equifax security systems were evident well before the big hack. A hacker was
able to access credit-report data between April 2013 and January 2014. The company
discovered that it mistakenly exposed consumer data as a result of a “technical error” that
occurred during a 2015 software change. Breaches in 2016 and 2017 compromised information
on consumers’ W-2 forms that were stored by Equifax units. Additionally, Equifax disclosed in
February 2017 that a “technical issue” compromised credit information of some consumers who
used identity-theft protection services from LifeLock.
8-15 Discuss the impact of the Equifax hack?
Hackers gained access to Equifax systems containing customer names, Social Security numbers,
birth dates, and addresses. These four pieces of data are generally required for individuals to
apply for various types of consumer credit, including credit cards and personal loans. Criminals
who have access to such data could use it to obtain approval for credit using other people’s
names. Credit specialist and former Equifax manager John Ulzheimer calls this is a “nightmare
scenario” because all four critical pieces of information for identity theft are in one place.
Stolen personal data will be available to hackers on the Dark Web for years to come.
Governments involved in state-sponsored cyberwarfare are able to use the data to populate
databases of detailed personal and medical information that can be used for blackmail or future
attacks.
8-16 How can future data breaches like this one be prevented? Explain your answer.
There will be hacks—and afterward, there will be more. Companies need to be even more
diligent about incorporating security into every aspect of their IT infrastructure and systems
development activities. To prevent data breaches such as Equifax’s, organizations need many
layers of security controls. They need to assume that prevention methods are going to fail.
As data breaches rise in significance and frequency, the government is proposing new legislation
that would require firms to report data breaches within specific time frames and set standards
for data security.
There are other measures every organization, public and private can and should take to secure
their systems and information. Section 8.4, What are the most important tools and technologies
for safeguarding information resources, of this chapter provides a list:
 Use appropriate identity management and authentication procedures and processes.
 Use adequate firewalls, intrusion detection systems, and antivirus software.
 Secure wireless networks.
 Use adequate encryption and public key infrastructures—this alone would have
saved Sony a lot of grief and money.
 Control Network Traffic with Deep Packet Inspection technology.
Many security experts believe that U.S. cybersecurity is not well-organized. The FBI and
Department of Homeland Security released a “cyber alert” memo describing lessons learned
from other hacks. The memo lists generally recommended security practices for companies to
adopt, including encrypting data, activating a personal firewall at agency workstations,
monitoring users’ online habits, and blocking potentially malicious sites.
Chapter 9: Achieving Operational Excellence and Customer Intimacy: Enterprise
Applications
9-1 How do enterprise systems help businesses achieve operational excellence?
9-2 How do supply chain management systems coordinate planning, production, and logistics
with suppliers?
9-3 How do customer relationship management systems help firms achieve customer
intimacy?
9-4 What are the challenges that enterprise applications pose and how are enterprise
applications taking advantage of new technologies?

Case Study: Soma Bay Prospers with ERP in the Cloud

1. Identify and describe the problem discussed in this case. What management, organization,
and technology factors contributed to the problem?
Management: Political upheavals and economic conditions have taken a toll on occupancy rates
and profitability. When President Hosni Mubarak was overthrown during the Egyptian
revolution of 2011, there was a sharp devaluation of Egyptian currency. In the years that
followed, political conditions stabilized and the Egyptian economy recovered, but the tourism
industry lost US$1.3 billion after the downing of a commercial airliner over the Sinai Desert in
late 2015. Soma Bay Development Company’s hotel occupancy rates plummeted from more
than 50 percent in 2015 to 25 percent in the first quarter of 2016. Foreign exchange fluctuations
and political upheavals
are forces beyond Soma Bay’s control, but what the company’s management can do during
downturns is react intelligently by closely monitoring operations and costs.
Organization: Soma Bay Development Company tried to run much of the company using
unwieldy Excel-based systems. Managers had to manually manipulate spreadsheets to
understand the basic drivers of profitability, and it often took too long to obtain the information
needed for sound decision making. These systems made it difficult for Soma Bay to manage its
aggressive growth plans.
Technology: The company’s use of a JD Edwards Enterprise One ERP system from Oracle with
applications and data residing in Oracle’s Cloud Infrastructure as a Service (Oracle Cloud IaaS)
solved most of Soma’s problems. The Enterprise One software creates currency-neutral financial
reports that weren’t available before.
2. Why was an ERP system required for a solution? How did having a cloud-based ERP
system contribution to the solution?
Soma Bay Company’s CFO, and his team selected JD Edwards Enterprise One for a
solution because it could create standardized business processes across functional areas and
provide timely reports that explain the profitability of each business unit using a standard chart
of accounts. The software can identify the profitability drivers and growth drivers of a business.
Enterprise One seamlessly combines data from the general ledger and other financial systems
with data from operational systems.
Soma Bay’s Enterprise One cloud platform makes it easy to create cash flow reports, project
management reports, accounts receivable aging reports, facility management reports, and key
performance indicator reports throughout Soma Bay’s distributed organization. Company
management also appreciates Oracle Cloud IaaS disaster recovery capabilities. Several years
ago, water from an upper floor flooded Soma Bay’s Cairo data center. The company was able to
restore data and resume operations quickly because it had backups stored in Oracle Cloud.
3. What were the business benefits of Soma Bay’s new enterprise system? How did it change
decision making and the way the company operated?
Having a dual revenue stream mitigates risks. If the tourism business is slow, Soma Bay still has
revenue from the real estate business, and vice versa. The ERP system provides the data
required to closely track costs. When Soma Bay spent 100 million Egyptian pounds (equivalent
to approximately US$5.7 million) on new construction the Enterprise One system provided the
information about cash management and cash flow for sustaining this level of expansion. Soma
Bay can carefully monitor cash flow and payments to contractors.
During the 2016 downturn, Soma Bay used the Enterprise One cost management and
profitability capabilities to provide detailed financial data that helped managers carefully control
fixed operating expenses, helping to minimize losses. Enterprise One provided a solid
understanding of costs and profitability, even though revenue came from different currencies
and markets. It was able to show the impact of falling occupancy rates on the business,
excluding foreign exchange effect, to help management measure overall performance by legal
entity. This knowledge helped Soma Bay weather the downturn and implement an aggressive
turnaround plan.
Today, 95 percent of Soma Bay staff members use the Enterprise One software in some capacity.
The company has a more stable operating model. Occupancy rates at its five hotels are rising.
Soma Bay Development Company is building 500 vacation homes in six seaside communities.
According to Cherif Samir, Financial Controller for Soma Bay, being able to track every penny the
company spends on a project has revolutionized the business.
Case Study: Kenya Airways Flies High with Customer Relationship Management
1. What was the problem at Kenya Airways described in this case? What management,
organization, and technology factors contributed to this problem?
Kenya Airways is the flag carrier of Kenya and ranks fourth among the top ten African airlines in
terms of seat capacity, with a fleet of 33 aircraft covering 53 destinations domestically and
abroad. It is the only African airline in the SkyTeam alliance, whose 20 members include Delta
Airlines, Air France, Alitalia, Aeromexico, China Airlines, and Korean Air, and is expected to live
up to a very high global standard. One area of the business that needed improvement was the
airline’s relationship to its customers.
Management: Africa’s current population of 1 billion is expected to reach 1.5 billion within a
decade, with a rapidly growing middle class in many countries. Until recently Kenya Airways was
unable to fully capitalize on this market opportunity because it didn’t know enough about its
customers. Although the airline had added more planes, passenger numbers had been
decreasing, partly due to the fear of Ebola virus outbreaks, regional terrorism, and increased
competition from Persian Gulf carriers. Profitability suffered.
Organization: The airline didn’t know who clicked on its email campaigns. It was advertising
mostly on billboards, in newspapers, and on flyers, with no way to measure the effectiveness of
those campaigns. There was no way to tell what its sales representatives in different offices
were doing. Marketing, sales, and customer service activities were operating in the dark. For
example, each May the airline would send every customer in its scattered data repositories a
Mother’s Day greeting, although many of the recipients were not mothers.
Technology: Data on customers were located in many different repositories, such as
spreadsheets and files in company and partner travel agent offices, reservation systems, and
airport check-ins, and the data were not integrated. Without a single repository for customer
data, Kenya Airways was unable to identify the preferences, special needs, or other personal
characteristics of its “guests,” who included commercial traders, business executives,
government officials, students, missionaries, and medical tourists.
2. What was the relationship of customer relationship management to Kenya Airways’
business performance and business strategy?
In 2014, Kenya Airways initiated a multiyear program to automate and integrate all of its
customer data so that it could engage in effective customer relationship management using
Oracle’s Marketing, Sales, Data, and Service Clouds. Oracle Marketing Cloud provides a cloud-
based platform to connect firms’ marketing data, centrally orchestrate cross-channel customer
interactions, engage the right audience, and analyze performance. It includes tools for
managing marketing automation campaigns, providing cross-channel customer experiences,
creating and managing engaging content, “listening” to customer conversations about a
product, brand or service, and engaging with messaging (social marketing).
A few weeks after implementing Oracle Marketing Cloud, the airline ran its first automated
marketing campaign, which directed emails, SMS texts, and social media posts about special
holiday season fares to Kenyan emigrants in Dubai. Kenya Airways then created campaigns to
promote new and expanded routes to Hanoi and Zanzibar. As time went on, the airline’s
marketing team became more skillful at tracking revenue flows generated by those campaigns
and identifying new sources of data to target the campaigns more effectively.

Kenya Airways marketing automation lead Harriet Luyai reported in early 2015 that “reachable
contacts” rose from 40 percent to 89 percent, open rates on marketing emails rose from 40
percent to 65 percent, and the airline’s “acquisition rate”—the percentage of respondents who
opt in to its campaigns—was up to 20 percent. The airline can measure the impact of marketing
campaigns on ticket sales. Campaigns that previously took three days to execute using an
agency now take 30 minutes and are much less expensive.
3. Describe Kenya Airways’ solution to its problem. What management, organization, and
technology issues had to be addressed by the solution?
Management: Although Kenya Airways had a customer loyalty program, it had previously been
unable to identify high-value customers. Now Kenya Airways can track all its high-value
customers and show how much revenue each customer generates. It can also segment
customers across the customer life cycle, making it possible to distinguish a new customer from
a longtime high-value customer. Kenya Airways now has a 360-degree view of each of its
customers.
Organization: After implementing Oracle Marketing Cloud, Kenya Airways started using Oracle
Sales Cloud to automate its sales activities and Oracle Right-Now Cloud Service for its customer
service activities, linking all three clouds in one central data repository. Marketing, sales, and
service can now integrate their customer data and coordinate business processes. The airline
pulled together information on age, income, education level, job function, job level, revenue
generated for the airline, geography, status, preferences, interest areas, service calls, email
activity, form submissions, and purchase history to help it create very detailed customer profiles
for personalizing offerings.
Technology: It took much more time to implement the Oracle Cloud suite than Kenya Airways
had originally estimated—more than a year instead of six months. The required data, which
resided in many different applications, needed to be cleansed to make sure they were all in the
right format before they could be transferred to the new data repository. Much of this work was
manual. Airline staff had to be trained in new ways of working with digital CRM tools because so
much of its work had previously been manual.
4. How effective was this solution? How did it affect the way Kenya Airways ran its business
and its business performance?
To help the Kenya Airways marketing team drive additional revenue by converting leads to ticket
sales, increasing website traffic, and increasing social followers the airline implemented Oracle
Social Cloud. This tool helps the Kenya Airways customer service team follow social media posts
and discussions about the airline’s services and respond to questions and problems within 30
minutes. It also helps agents prioritize their follow-up posts and manage workflows for the
appropriate approvals and for troubleshooting.

Case Study: Clemens Food Group Delivers with New Enterprise Applications
9-13 Why would supply chain management be so important for Clemens Food Group?
Clemons Food is a vertically coordinated company that includes antibiotic-free hog farming,
food production, logistical services, and transportation. Using a responsive pork production
system, the company focuses on supplying the highest-quality products to its partners as well as
advanced solutions that simplify partners’ operations.
The Clemens Food Group raises and processes about five million hogs per year, managing
procurement, production, and logistics services from birth to finished food products. Clemens
has 3,350 employees.
For a company in the perishable goods industry such as Clemens Food to be profitable, it must
have a firm grasp on the timeliness and accuracy of orders and very precise information about
the status of its products and warehouse activities throughout its network of farms and
production facilities. Accuracy in determining yields, costs, and prices in a wildly fluctuating
market can make a difference of millions of dollars.
9-14 What problem was the company facing. What management, organization, and
technology factors contributed to these problems?
Management: Clemens Food’s legacy systems were no longer able to keep up with production
and support future growth. Management realized the company needed a new platform to
provide better visibility into production, more efficient planning, and tighter control of available-
to-promise processes.
Being in the perishables industry made it imperative for Clemens Food to have master data in
place when the new system went live to avoid disruptions to production or shipping capabilities.
Organization: Clemens Food also wanted real-time information about plant profitability,
including daily profitability margins on an order-by-order basis.
Sales forecasting in the meat-processing industry has unique challenges because of the many
variables from dealing with perishable products, raw material by-products, and seasonality
considerations. Every Thursday, Clemens Food ran a sales report on its old legacy system that
showed the previous week’s sales. Information about actual profitability was delayed.
Now, the company can measure profitability on an invoice-by-invoice basis, and it knows the
profitability of each order right away. Prices change daily in the perishable food business, so the
importance of having real-time information about profitability can’t be overstated.
Technology: Clemens Food created a five-year plan to modernize its IT infrastructure with an
integrated platform for systems to optimize its supply network and improve scheduling,
optimization, and margin visibility in its multi-business operations. The plan gained steam in
2014 when Clemens Food announced it would develop a third pork processing plant comprising
550,000 square feet in Coldwater Township, Michigan.
The addition of this facility could significantly increase volume and double revenue if it was
backed by a more modern IT platform. Clemens Food’s existing ERP system needed to be
replaced by one that could handle increased volume and multi-plant complexities.
9-15 Was SAP S/4HANA a good solution for Clemens Food Group? Explain your answer.

Yes, the SAP S/4HANA was an excellent solution for the food group.
SAP S/4HANA is a business suite that is based on the SAP HANA in-memory computing platform.
It features enterprise resource planning software meant to cover all day-to-day processes of an
enterprise and also integrates portions of SAP Business Suite products for customer relationship
management, supplier relationship management, and supply chain management. SAP S/4HANA
is available in on-premises, cloud, and hybrid computing platforms.
The company now has a single “source of truth,” and data are integrated, whereas in the past it
had to deal with similar data spread over multiple systems. With a single source of truth and the
ability to put information at people’s fingertips, Clemens Foods can create dashboards and focus
on making reporting far simpler than it’s ever been.
9-16 What management, organization, and technology issues had to be addressed to
implement SAP S/4HANA at Clemens Food Group?
Management: Clemens Food chose to implement SAP S/4HANA Finance, along with
functionality for materials management and production planning in a sweeping “big-bang”
approach across the enterprise. The new system needed to be operational in time for the
opening of the Coldwater plant. Clemens Food had used a phased approach for its previous ERP
implementation 15 years earlier. That prior rollout ended up taking several years and resulted in
heavy customization.
Organization: Clemens Food selected itelligence Group implementation consultants to help with
its master data and other migration issues. itelligence Group is a global SAP Platinum Partner
with over 25 years of experience. It offers a full range of services from implementation
consulting to managed services for its clients. Clemens identified itelligence as a partner with
deep SAP food-specific knowledge and experience, including fresh and processed meat.
itelligence Group had a proprietary Hog Procurement solution available for Clemens that helped
deliver an on-time and on-budget project with minimal disruption to the business. itelligence
Group had experience guiding other meat-processing companies through similar largescale
implementations. The company wanted intelligence to act as business process experts to help
Clemens Food re-examine the way it did things. Clemens Food followed itelligence’s suggestions
about modifications, budget management, the overall testing cycle, and the philosophy of
implementation.
Technology: By the time Clemens Food migrated to SAP S/4HANA, its legacy ERP system was
linked to more than 70 applications. One especially valuable piece of project guidance from
itelligence was to encourage project members to see the implementation as being led by the
business rather than just an IT project. Clemens Foods started out with the project being IT-led,
but after five months assigned internal leaders of the business to be the project leads. That
switch forced the project team to be more objective through all the different testing phases.
After each testing cycle, they had objective scoring from the dedicated team leads who viewed
the project as a business process improvement. That helped the project team move closer to a
finished product, rather than waiting until going live to find out it missed the mark. Including
the business as equal partners when updates were instituted helped ensure that customizations
were avoided.

Chapter 10: E-commerce: Digital Markets, Digital Goods

10-1 What are the unique features of e-commerce, digital markets, and digital goods?
10-2 What are the principal e-commerce business and revenue models?
10-3 How has e-commerce transformed marketing?
10-4 How has e-commerce affected business-to-business transactions?
10-5 What is the role of m-commerce in business, and what are the most important m-
commerce applications?

Case Study: Uber: Digital Disruptor

1. Analyze Uber using the competitive forces and value chain and models. What is its
competitive advantage?
Uber can claim two competitive forces: it is both a substitute service for regular taxi services or
other public transportation services, and it’s a new market entrant.
Instead of trying to hail a cab, you pull out your smartphone and tap the Uber app. A Google
map pops up displaying your nearby surroundings. You select a spot on the screen designating
an available driver, and the app secures the ride, showing how long it will take for the ride to
arrive and how much it will cost. Once you reach your destination, the fare is automatically
charged to your credit card. No fumbling for money. That can also increase customer intimacy.
Uber runs much leaner than a traditional taxi company does. Uber does not own taxis and has
no maintenance and financing costs. It does not have employees, so it claims, but instead calls
the drivers independent contractors, who receive a cut of each fare. Uber is not encumbered
with employee costs such as workers’ compensation, minimum wage requirements, background
checks on drivers, driver training, health insurance, or commercial licensing costs. Uber has
shifted the costs of running a taxi service entirely to the drivers and to the customers using their
cell phones. Drivers pay for their own cars, fuel, and insurance. What Uber does is provide a
smartphone-based platform that enables people who want a service—like a taxi—to find a
provider who can meet that need.
2. What is the relationship between information technology and Uber’s business model?
Explain your answer.
Rates are determined based on the typical factors of time and distance but also demand. Uber’s
software predicts areas where rides are likely to be in high demand at different times of the day.
This information appears on a driver’s smartphone so that the driver knows where to linger and,
ideally, pick up customers within minutes of a request for a ride. Uber also offers a higher-priced
town car service for business executives and a ride-sharing service. Under certain conditions, if
demand is high, Uber can be more expensive than taxis, but it still appeals to riders by offering a
reliable, fast, convenient alternative to traditional taxi services.
3. How disruptive is Uber?
More than 40 million people use Uber each month. However, Uber’s over-the-top success has
created its own set of challenges. By digitally disrupting a traditional and highly regulated
industry, Uber has ignited a firestorm of opposition from existing taxi services in the United
States and around the world. Who can compete with an upstart firm offering a 40 percent price
reduction when demand for taxis is low? (When demand is high, Uber prices surge.) What city
or state wants to give up regulatory control over passenger safety, protection from criminals,
driver training, and a healthy revenue stream generated by charging taxi firms for a taxi license?
Critics fear that Uber and other on-demand firms have the potential for creating a society of
part-time, low-paid, temp work, displacing traditionally full-time, secure jobs—the so-called
Uberization of work. Uber responds to this fear by saying it is lowering the cost of
transportation, expanding the demand for ride services, and expanding opportunities for car
drivers, whose pay is about the same as other taxi drivers.
4. Is Uber a viable business? Explain your answer.
The company is still not profitable, although if Uber continues to triple revenue every year, the
answer could be yes. But Uber has competitors, including Lyft in the United States and local
firms in Asia and Europe. New, smaller competing firms offering app-based cab-hailing services
are cropping up, such as Sidecar and Via. Established taxi firms in New York and other cities are
launching their own hailing apps and trumpeting their fixed-rate prices. Uber is pressing on,
with new services for same-day deliveries, business travel accounts, and experiments with self-
driving cars, which management believes will be key to long-term profitability. It is still too early
to tell whether Uber and other on-demand businesses will succeed.

Case Study: Uber: “Socializing” with Customers

1. Assess the management, organization, and technology issues for using social media to
engage with customers.
Management: Companies can use social media to help build interest in their brands as long as
customers feel connected and at ease with the promotions. Personalizing the company can be a
huge success. Using Facebook to show what friends purchased by using the “Like” button can
draw customers into the company’s site. Mack Trucks’ senior management has been very
pleased with the results and detail and precision of digital marketing information. Vice President
of Marketing can see what happens with every dollar Mack spends.

Organization: Some companies use a dedicated team of Twitter responders to answer user
questions and respond to complaints. The company can then mine the data through text mining
and convert the data to useful information about the company’s products. The company can
also use the information to gauge the success of promotions, which products are hot and which
are duds, and the impact of advertising campaigns. However, companies must be careful not to
just rush in and create Facebook pages and Twitter accounts. They must engage in meaningful
“conversations” with customers and collect feedback and input. They must slowly build
relationships over time with customers.
Technology: Mack Truck’s marketing team uses traditional channels for broad awareness and
relies on social marketing to focus on segmentation and metrics.
2. What are the advantages and disadvantages of using social media for advertising, brand
building, market research, and customer service?
Advantages:
 Advertising: Twitter has developed new offerings for advertisers like Promoted
Tweets and Promoted Trends. These features give advertisers the ability to have their
tweets displayed more prominently when Twitter users search for certain keywords.
 Brand building: Mack Truck launched a comprehensive social media campaign
directing Facebook, Twitter, YouTube, and LinkedIn followers to photos, videos, text
 summaries, and other content describing every aspect of its new product line. The
campaign was credited with attracting more than 40,000 new social followers to the
Mack brand.
 Market research: Prompted by customer social media comments about meats other
than roast beef, fast-food sandwich restaurant chain Arby’s launched a “Meat
Mountain” campaign poster showing various meats other than roast beef. Arby’s
customers mistakenly thought the poster displayed a new sandwich and, through
social media, indicated they were anxious to try it. Arby’s then responded with a new
$10 Meat Mountain sandwich.
Disadvantages:
 Twitter accounts have been hacked with negative results. Many companies simply
flood social media channels with sales and marketing pitches, touting themselves,
and they don’t engage in conversations with customers where they could collect
customer feedback and input.
 Social media campaigns can be tricky to orchestrate, and the results are not always
predictable. Although previous Trump tweets calling out brands such as Lockheed
Martin had hurt stock share prices, when social followers of Donald Trump called for
boycotting Nordstrom for dropping Ivanka Trump’s clothing line from its stores,
Nordstrom’s stock price rose, and the company outperformed many of its retail
industry rivals in the months that followed. Nordstrom customers remained loyal to
the brand.
 In September 2016, San Antonio–based Miracle Mattress provoked angry social
media backlash when it posted a Facebook video advertising a “Twin Towers Sale.”
The video encouraged customers to “remember 9/11” and “get any size mattress for
a twin price.” Miracle Mattress removed the video from its Facebook timeline, and
owner Mike Bonanno posted an apology letter.
3. Give an example of a business decision in this case study that was facilitated by using
social media to interact with customers.
Mack Trucks’ digital marketing team knows if a person in its database clicked on a Facebook
post to view an Anthem-related video or looked for other information on the company’s web
site. Compelling personalized content helps engage prospects and move them further along the
sales process until they ask to talk to a Mack dealer. At that point, the prospect is considered a
qualified lead. The Social Cloud software program alerts team members when the Mack Anthem
is mentioned on various social sites, and they can respond where appropriate.
4. Should all companies use social media technology for customer service and marketing?
Why or why not? What kinds of companies are best suited to use these platforms?
Before a company jumps into using Facebook and Twitter, it needs to make sure the “back
room” mechanics are in place to process customer service requests. If the company’s
employees are not available for the unanticipated response volume, the plan could backfire.
Social media can provide a platform for widespread negative backlash to companies or retailers.
Starbucks coffee experienced a huge angry response from customers for a social issue
promotion it began on Twitter and Facebook.
Companies who interface directly with consumers are probably more suited to using Facebook
and Twitter promotions. However, all companies who create social media avenues with
customers must realize that it’s not a mirror image of offline, traditional contacts. Relationships
must be created and nurtured over time.

Case Study: A Nasty Ending for Nasty Gal

10-15 How did social media support Nasty Gal’s business model? To what extent was Nasty
Gal a “social” business?
Nasty Gal’s styling was edgy and fresh—a little bit rock and roll, a little bit disco, modern, but
never hyper-trendy. Eight years after its founding, Nasty Gal had sold more than $100 million in
new and vintage clothing and accessories, employed more than 350 people, had more than a
million fans on Facebook and Instagram, and was a global brand. It looked like a genuine e-
commerce success story.
Sophia Amoruso, who launched Nasty Gal, was a heavy user of social tools to promote her
business. When she first started out, she used MySpace, where she attracted a cult following of
more than 60,000 fans. The company gained traction on social media with Nasty Gal’s aesthetic
that could be both high and low, edgy and glossy.
Amoruso took customer feedback very seriously and believed customers were at the center of
everything Nasty Gal did. When she sold on eBay, she learned to respond to every customer
comment to help her understand precisely who was buying her goods and what they wanted.
Amoruso said that the content Nasty Gal customers created was always a huge part of the Nasty
Gal brand. It was very important to see how customers wore Nasty Gal’s pieces and the types of
photographs they took. They were inspiring.
Social media is built on sharing, and Nasty Gal gave its followers compelling images, words, and
content to share and talk about each day. It could be a crazy vintage piece, a quote, or a behind-
the-scenes photo. At most companies, the person manning the Twitter and Facebook accounts
is far removed from senior management. Amoruso did not always author every Nasty Gal tweet,
but she still read every comment. If the customers were unhappy about something, she wanted
to hear about it right away. At other businesses, it might take months for customer feedback to
filter up to the CEO. When Nasty Gal first joined Snapchat, Amoruso herself tested the water
with a few Snaps, and Nasty Gal followers responded in force.
10-16 What management, organization, and technology problems were responsible for Nasty
Gal’s failure as a business?
Management: In June 2008, Amoruso moved Nasty Gal Vintage off eBay and onto its own
destination web site, www. nastygal.com. In 2012, Nasty Gal began selling clothes under its own
brand label and also invested $18 million in a 527,000-square-foot national distribution center
in Kentucky to handle its own shipping and logistics. Venture capitalists Index Ventures provided
at least $40 million in funding. Nasty Gal opened a brick-and-mortar store in Los Angeles in 2014
and another in Santa Monica in 2015.
Nasty Gal experienced tremendous growth in its early years, being named INC Magazine’s
fastest growing retailer in 2012 and earning number one ranking in Internet Retailer’s Top 500
Guide in 2016. By 2011, annual sales hit $24 million and then nearly $100 million in 2012.
However, sales started dropping, $85 million in 2014 and then $77 million in 2015.
Organization: With growing direct-to-consumer demand and higher inventory replenishment
requirements driven by new store openings, Nasty Gal invested in a new warehouse
management system. Nasty Gal’s rapid expansion was fueled by heavy spending in advertising
and marketing. This is a strategy used by many startups, but it only pays off in the long run if
one-time buyers become loyal shoppers. Otherwise, too much money is spent on online
marketing like banner ads and paying for influencers.
Technology: The warehouse management system investment was designed to increase
warehouse productivity and shorten order cycle times so that Nasty Gal’s supply chain could
better service its mushrooming sales. The company selected HighJump’s Warehouse
Management System (WMS) with the goal of increasing visibility and overall productivity while
keeping fill rates above 99 percent.
HighJump’s implementation team customized the WMS software to optimize the business
processes that worked best for an e-commerce retailer that ships most of its items straight to
the customer, with a small subset going to retail stores. The WMS software was also configured
to support processes that would scale with future growth.
10-17 Could Nasty Gal have avoided bankruptcy? Explain your answer.
Nasty Gal wasted money on things that didn’t warrant large expenditures. The company
quintupled the size of its headquarters by moving into a 50,300-square-foot location in
downtown Los Angeles in 2013—far more space than the company needed, according to
industry experts. The company also opened a 500,000-square-foot fulfillment center in
Kentucky to handle its own distribution and logistics as well as two brick-and-mortar stores in
Los Angeles and Santa Monica. Even in the hyper-trendy fashion business, companies have to
closely monitor production, distribution, and expenses for operations to move products at a
scale big enough to make a profit. Nasty Gal’s mostly young staff focused too much on the
creative side of the business.
While it was growing, Nasty Gal built its management team, hiring sizzling junior talent from
retail outlets such as Urban Outfitters. But their traditional retail backgrounds clashed with the
startup mentality. As Nasty Gal expanded, Amoruso’s own fame also grew, and she was
sidetracked by other projects. Employees complained about Amoruso’s management style and
lack of focus.
Amoruso resigned as chief executive in 2015 but remained on Nasty Gal’s board of directors
until the company filed for Chapter 11 bankruptcy in November 2016. Between 2015 and 2016,
Nasty Gal raised an additional $24 million in equity and debt financing from venture-focused
Stamos Capital Partners LP and Hercules Technology Growth Capital Inc. Even though the
funding helped Nasty Gal stay afloat, the company still had trouble paying for new inventory,
rent, and other operating expenses.

Chapter 11: Managing Knowledge and Artificial Intelligence

11-1 What is the role of knowledge management systems in business?
11-2 What are artificial intelligence (AI) and machine learning? How do businesses use AI?
11-3 What types of systems are used for enterprise-wide knowledge management and how
do they provide value for businesses?
11-4 What are the major types of knowledge work systems, and how do they provide value
for firms?

Case Study: Sargent & Lundy Learns to Manage Employee Knowledge

1. How is knowledge management related to Sargent & Lundy’s business model?
Sargent & Lundy is noted for its industry knowledge, engineering expertise, and high-quality
work. Approximately 87 percent of its 2,500 employees are engineers and designers. The
company takes pride in the depth of knowledge of its employee experts and their loyalty to the
firm. On average, employees stay with the company for 15 years—often much longer.
Sargent & Lundy tries to cross-utilize its staff in various types of work because it believes they
are the best people for the job. Deanna Myers, Sargent & Lundy’s Senior Manager of Learning
and Development, works to ensure that employees have the skills, tools, and resources they
need to achieve excellence throughout their careers.
2. Identify the knowledge management problem faced by Sargent & Lundy. What
management, organization, and technology factors contributed to this problem?
Management: Sargent & Lundy’s management learned that around half of the company’s most
experienced employees, including engineers, designers, and power experts, would be eligible to
retire by 2015. When they left the company, they would be taking critical business knowledge
with them.

Organization: Although engineers had access to a knowledge database of the firm’s

documented processes and procedures, experts’ tacit knowledge was more difficult to capture.
The company hired a large group of new recruits very quickly to replace the retirees. However,
with a worldwide footprint and ambitious expansion plans, the company needed to find better
ways of transferring seasoned employees’ expertise—including their tacit knowledge—to the
new recruits wherever they were located.
In the past, Sargent & Lundy had used an untracked schedule of instructor-led courses, which
often overlapped with existing training. The moment an instructor-led course finished, the
company might have two or three new hires who needed that course. This meant that a portion
of the employees who really needed the instruction were not getting it.
Technology: Corporate training and learning facilities needed to be centralized and overhauled
to make it easier for experts to share industry experience and skills as well as tacit knowledge.
There was no in-house computer-based training available for new employees.
3. Describe the solution selected for this problem. Was it effective? Why or why not? How
much did it change the firm’s operations and decision making?
The company decided to transform its learning model and implemented a new talent
management platform based on SAP SuccessFactors Learning Management System. SAP
SuccessFactors is a cloud-based human capital management (HCM) software suite. It integrates
software for orienting and training a new employee, social business and collaboration tools, a
learning management system (LMS), performance management, recruiting software, applicant
tracking software, succession planning, talent management, and HR analytics to enable
companies to manage their employees more strategically and maximize their performance.
SAP SuccessFactors provides detailed capabilities for reporting and tracking individual employee
development. Working with company experts, Sargent & Lundy’s technical training team used
SuccessFactors to develop a wide range of training programs and learning plans for specific
technologies. Videos and online courses were added to the company’s training arsenal, along
with personalized learning plans for people working with specific disciplines and technologies.
Sargent & Lundy’s new recruits wanted more discussion and feedback on how well they were
performing on a day-to-day basis, so the company also implemented SAP Jam, SAP’s cloud-
based social collaboration program. Using SAP Jam made it even easier for employees to share
knowledge, often in real time.
Face-to-face meetings are still the primary way for staff to share knowledge about industry
trends, best practices, and innovative solutions. But Sargent & Lundy’s employees were too
geographically scattered to always meet in person. The company’s knowledge-sharing model
had to change to provide more knowledge sharing and employee conversations online.
4. What management, organization, and technology issues had to be addressed in selecting
and implementing the solution?
Management: Businesses today need to organize and manage both structured and
semistructured knowledge assets. Structured knowledge is explicit knowledge that exists in
formal documents as well as in formal rules that organizations derive by observing experts and
their decision-making behaviors. But according to experts, at least 80 percent of an
organization’s business content is semistructured or unstructured—information in folders,
messages, memos, proposals, emails, graphics, electronic slide presentations, and even videos
created in different formats and stored in many locations.
Organization: Face-to-face meetings are still the primary way for staff to share knowledge
about industry trends, best practices, and innovative solutions. But Sargent & Lundy’s
employees were too geographically scattered to always meet in person. The company’s
knowledge-sharing model had to change to provide more knowledge sharing and employee
conversations online.
SAP Jam was launched in late 2015, and in the year that followed there was a 125 percent
increase in participation. Many CoP groups are now using SAP Jam, including groups for specific
technical topics such as thermo hydraulics and non-technical groups such as one for women in
leadership. Employees of all levels can use Jam to discuss topics of interest, find answers to
questions, and check facts.
Technology: Besides improving employee learning, the tool has increased employee
engagement. Conversations in SAP Jam have identified areas for process improvement and
problems that need immediate technical staff attention.
A key problem in managing knowledge is the creation of an appropriate classification scheme,
or taxonomy, to organize information into meaningful categories so that it can be easily
accessed. Once the categories for classifying knowledge have been created, each knowledge
object needs to be “tagged,” or classified, so that it can be easily retrieved. Enterprise content
management systems have capabilities for tagging, interfacing with corporate databases and
content repositories, and creating enterprise knowledge portals that provide a single point of
access to information resources.
Case Study: The Reality of Virtual Reality
1. If your company wanted to implement a virtual reality application, what management,
organization, and technology factors should it consider?
Management: A major drawback of virtual reality is how it isolates people from others and from
real-world surroundings because they are immersed in a virtual world encased in a headset.
There is a gap between the hype and the reality of what VR can actually do for business.
Management needs to ensure that the company will receive concrete returns on investment.
Virtual reality shouldn’t be viewed as the next platform everyone’s going to use, because it’s
unclear that will be the case, according to Forrester Research analyst J. P. Gownder.
Organization: A business needs to be able to demonstrate that VR will solve a very specific
business problem, and must determine exactly how VR technology can improve its operations,
engage customers for highly configurable goods, or deliver new consumer experiences.
Technology: In many virtual reality systems, the user dons special clothing, headgear, and
equipment, depending on the application. The clothing contains sensors that record the user’s
movements and immediately transmit that information back to the computer. For instance, to
walk through a virtual reality simulation of a house, you would need garb that monitors the
movement of your feet, hands, and head. You also would need goggles containing video screens
and sometimes audio attachments and feeling gloves so that you can be immersed in the
computer feedback.
2. Should all businesses use virtual reality? Why or why not? What kinds of organizations will
benefit most from this technology?
The most popular virtual reality applications are currently in retail and manufacturing, where an
immersive experience can help customers visualize products or teach factory workers how to
use complex equipment.
Not all organizations will benefit from VR. Greg Meyers, CIO at Motorola Solutions, a data
communications and telecommunications equipment provider, doesn’t see any obvious
applications where virtual reality can help drive growth for his company. Virtual reality may be
useful for staging more effective meetings, but Meyers feels the company would derive more
benefit from using AI technology to help it make better and faster decisions.
Many enterprise applications of immersive technology are still in the piloting and
troubleshooting phases. Today’s virtual reality technology also lacks strong security and
management features appropriate for deployment in the enterprise, where VR applications
might need to be linked to the organization’s databases and major corporate systems.
According to research analyst Ian Hughes, for most workplace applications, shutting people off
from other people and the real world to engage in a virtual experience does not fit well with the
way people behave. Rather than a fully simulated work environment, for most tasks, Hughes
recommends blending real and virtual worlds. It’s better for technology to be extending the real
world rather than replacing it.
3. Do you think Facebook’s virtual reality strategy will be successful? Explain your answer.
Facebook wants to use virtual reality to create a new type of shared social experience. Facebook
envisions a virtual world with an imaginary social space where avatars that look like real people
“hang out” with other avatars representing friends and family. CEO Mark Zuckerberg believes
virtual reality provides a new and powerful way for his company to grow and expects one billion
people to use this medium.
The beta version of Spaces, Facebook’s virtual reality app for the Oculus Rift, was launched in
April 2018. Spaces is intended as a virtual hangout where you can interact with up to four
friends, each represented by self-created digital avatars. Inside Spaces you can also video chat
with friends via Facebook Messenger, do a Facebook Live broadcast, or take “selfies” in VR to
share with Facebook friends.
In Oculus Rooms for the Oculus Go, people can spend time together in a virtual world, chatting,
watching a movie, or playing cards. Oculus Go has a virtual reality TV viewing app called Oculus
TV where users can “sit” in a 3-D environment with a massive screen and watch a video with a
friend.

Case Study: Can Cars Drive Themselves—And Should They?

11-13 What are the management, organizational, and technology challenges posed by self-
driving car technology?
Management: Autonomous vehicle technology has reached a point where no automaker can
ignore it. Every major auto maker is racing to develop and perfect autonomous vehicles,
believing that the market for them could one day reach trillions of dollars.
Organizational: There’s still plenty that needs to be improved before self-driving vehicles could
safely take to the road. Autonomous vehicles are not yet able to operate safely in all weather
conditions. Heavy rain or snow can confuse current car radar and lidar systems-autonomous
vehicles can’t operate on their own in such weather conditions. These vehicles also have trouble
when tree branches hang too low or bridges and roads have faint lane markings. On some
roads, self-driving vehicles will have to make guidance decisions without the benefit of white
lines or clear demarcations at the edge of the road, including Botts’ Dots (small plastic markers
that define lanes). Botts’ Dots are not believed to be effective lane-marking for autonomous
vehicles.
Technology: A car that is supposed to take over driving from a human requires a very powerful
computer system that must process and analyze large amounts of data generated by myriad
sensors, cameras, and other devices to control and adjust steering, accelerating, and braking in
response to real-time conditions. Key technologies include: sensors, cameras, lidars, GPS, radar,
computer, machine learning, deep learning, computer vision technology and maps.
11-14 Are self-driving cars good business investments? Explain your answer.
Self-driving car companies are notorious for overhyping their progress. Should we believe
them? At this point, the outlook for them is clouded.
A self-driving car is essentially a collection of networked computers and sensors linked
wirelessly to the outside world, and it is no more secure than other networked systems. Keeping
systems safe from intruders who want to crash or weaponize cars may prove to be the greatest
challenge confronting autonomous vehicles in the future.

Self-driving cars require new ecosystems to support them, much as today’s cars are dependent
on garages, gasoline stations, and highway systems. New roads, highways, and automotive
supply chains will have to be rebuilt for self-driving cars. The big auto makers that build millions
of cars a year rely on complex, precise interaction among hundreds of companies, including
automotive component suppliers and the services to keep cars running. They need dealers to
sell the cars, gas pumps or charging stations to fuel them, body shops to fix them, and parking
lots to store them.
Manufacturers of autonomous vehicles need to rethink interactions and processes built up over
a century. The highway infrastructure will need to change over time to support autonomous
vehicles. Waymo has partnered with Avis to take care of its fleet of driverless minivans in
Arizona, and it’s working with a startup called Trov to insure their passengers. GM is retooling
one of its plants to produce Chevrolet Bolts without steering wheels or pedals.
11-15 What ethical and social issues are raised by self-driving car technology?
In March 2018, a self-driving Uber Volvo XC90 operating in autonomous mode struck and killed
a woman in Tempe, Arizona. Since the crash, Arizona has suspended autonomous vehicle testing
in the state, and Uber is not renewing its permit to test self-driving cars in California. The
company has also stopped testing autonomous cars in Pittsburgh and Toronto and it’s unclear
when it will be revived.
Even before the accident, Uber’s self-driving cars were having trouble driving through
construction zones and next to tall vehicles like big truck rigs. Uber’s drivers had to intervene far
more frequently than drivers in other autonomous car projects. The Uber accident raised
questions about whether autonomous vehicles were even ready to be tested on public roads
and how regulators should deal with this.
While proponents of self-driving cars like Tesla’s Elon Musk envision a self-driving world where
almost all traffic accidents would be eliminated, and the elderly and disabled could travel freely,
most Americans think otherwise. A Pew Research Center survey found that most people did not
want to ride in self-driving cars and were unsure if they would make roads more dangerous or
safer. Eighty-seven percent wanted a person always behind the wheel, ready to take over if
something went wrong.

Some pundits predict that in the next few decades, driverless technology will add $7 trillion to
the global economy and save hundreds of thousands of lives. At the same time, it could
devastate the auto industry along with gas stations, taxi drivers, and truckers. People might stop
buying cars because services like Uber using self-driving cars would be cheaper.

This could cause mass unemployment of taxi drivers and large reductions in auto sales. It would
also cut down the need for many parking garages and parking spaces, freeing up valuable real
estate for other purposes. More people might decide to live further from their workplaces
because autonomous vehicles linked to traffic systems would make traffic flow more smoothly
and free riders to work, nap, or watch video while commuting.
Some people will prosper. Most will probably benefit, but many will be left behind. Driverless
technology is estimated to change one in every nine U.S. jobs, although it will also create new
jobs. Another consideration is that the tremendous investment in autonomous vehicles,
estimated to be around $32 billion annually, might be better spent on improving public
transportation systems like trains and subways. Does America need more cars in sprawling
urban areas where highways are already jammed?
11-16 Will cars really be able to drive themselves without human operators? Should they?
How can autonomous vehicles communicate with humans and other machines to let them
know what they want to do? Researchers are investigating whether electronic signs and car-to-
car communication systems would solve this problem. There’s also what’s called the “trolley
problem”: In a situation where a crash is unavoidable, how does a robot car decide whom or
what to hit? Should it hit the car coming up on its left or a tree on the side of the road?
A computer-driven car that can handle any situation as well as a human under all conditions is
decades away at best.

Chapter 12: Enhancing Decision Making

12-1 What are the different types of decisions and how does the decision-making process
work? 12-2 How do information systems support the activities of managers and management
decision making?
12-3 How do business intelligence and business analytics support decision making?
12-4 How do different decision-making constituencies in an organization use business
intelligence and what is the role of information systems in helping people working in a group
make decisions more efficiently?

Case Study: Siemens Makes Business Processes More Visible

1. Identify the problem in this case study. What management, organization, and technology
factors contributed to the problem?

Aside from wanting to continually improve its business processes, Siemens needed to find a way
to stop managing its business processes manually. Billing inefficiencies were costing the
company millions of dollars. The company couldn’t take advantage of supplier discounts
because it was unable to pay quickly enough.
Management: Management was seeking better ways of making the business more efficient and
turned to business process mining technology.
Organization: Siemens has thousands of business processes, some of which are very complex.
the company established a unit called Process DAsh (which stands for Data Analytics, smart
handling) to actively support global process optimization in all Siemens divisions. It started
collecting and analyzing ERP data to identify bottlenecks in its production, delivery, and
payment processes using Celonis Process Mining analysis and visualization software for this
purpose.
Technology: Process mining software analyzes data in enterprise application event logs to
determine how business processes are actually working in order to identify bottlenecks and
other areas of inefficiency so that they can be improved. The technology can analyze millions of
transaction records and spot deviations from normal workflows. A push of a button produces a
snapshot of an entire business process. Process DAsh used the Celonis software to take all the
individual data in a large number of information systems and use them to construct logical
models of existing business processes and automatically visualize them. The software
documents actual processes in real time, as the sequence of events is taking place.
2. Describe the capabilities of process mining software. Was this an effective solution?
Explain your answer.
When process mining software is used to analyze the transaction logs of an ERP or CRM system,
data visualization capabilities in the software can show users what processes are running at any
given time. An organization might use process mining software to find the cause of unexpected
delays in invoice processing by examining the logs of the accounts payable module in its ERP
system. Users can see at a glance where inefficiencies occur through bottlenecks, unnecessary
detours, and manual interventions, or where compliance issues might arise. Some process
mining software, including Celonis, enables users to drill down to view the individual documents
associated with a process.
3. How did process mining change decision making at Siemens?
Siemens started using Celonis analysis and visualization tools to learn how quickly it pays its
suppliers. Some suppliers offer discounts for early payment. Siemens was often unable to take
advantage of these discounts because it was unable to pay quickly enough. The company used
process mining to analyze data from its ERP, accounting, and payment approval systems to
understand why this was happening. Siemens also used process mining to study inefficiencies in
the way it takes orders from and is paid by its customers (order-to-cash processes).

4. What management, organization, and technology issues need to be addressed when

implementing process mining systems?
Management: There was some resistance to process mining among some long-term Siemens
managers who thought they already knew how to handle processes efficiently. Lars
Reinkemeyer, head of Siemens global process mining services, was able to promote analytics
adoption by identifying individuals who were receptive to process mining and enlisting them to
promote the new technology. Since Siemens AG implemented process mining, it has been able
to identify slowdowns in parts procurement, late product deliveries, and billing inefficiencies
that were costing the company millions of dollars.
Organization: Before implementing the Celonis software, Siemens had to manage its business
processes manually. Individual supervisors were responsible for specific processes. When things
did not go as planned, such as when a machine broke down or a parts shipment arrived late,
there was no easy way to determine exactly how these occurrences impacted overall
operations.
Technology: If a process model doesn’t already exist, the software will try to create one
automatically, sometimes using artificial intelligence techniques such as machine learning. If a
process model is available, the process mining software will compare it to the event log to
identify discrepancies and their possible causes. For process modeling, Siemens uses a Celonis
tool called Pi Conformance and Machine Learning. The software predicts which customer orders
are likely to arrive late using algorithms that continuously learn from Siemens’ performance.

Case Study: Anthem Benefits from More Business Intelligence

1. Why did Anthem need better data and analytics tools for Human Resources? What
management, organization, and technology factors contributed to Anthem’s need for
better HR data and analytics?
Management: Anthem has been an industry leader in analyzing data to reduce fraud and waste,
cultivate customers, fine-tune its products, and keep healthcare costs low. For example, the
company analyzes the data it collects on benefit claims, clinical data, electronic health records,
lab results, and call centers to determine each person’s risk for an emergency room visit or a
stroke. This information helps the company identify opportunities for improvement and
individuals who might benefit from additional services or wellness coaching. Now Anthem is
applying its analytical skills internally to sharpen decisions about how to deploy and develop its
employees as a strategic resource.
Organization: To improve the HR department’s recruiting, hiring, promotion, and employee
development programs, Anthem needed better analytic tools and a single standardized
enterprise-wide view of its data.
Technology: Anthem’s human resources and talent data used to be scattered among many
different systems and spreadsheets, so they were difficult to aggregate and compare. Basic
questions such as “What is our turnover rate?” or “How many open positions do we have right
now?” produced different answers, depending on who was asked, even within the same
location or work group.
2. Describe the business intelligence capabilities of the PDC portal.
Anthem created a cloud-based People Data Central (PDC) portal, whose interactive “workforce
intelligence” dashboard lets HR and other Anthem users access and ask questions using internal
and third-party data. The portal serves 56,000 employees and presents data in dashboards,
graphs, reports, and other highly visual formats that are easy to comprehend and manipulate.
A high-level “executive scorecard” feature explores the relationship between Human Resources
metrics and business outcomes to use in short- and long-term planning. One scorecard report
showed the relationship between customer growth, Anthem’s net hire ratio, and total costs
associated with internal and external labor. PDC provides a total of seven dashboards on “hire-
to-retire” HR operations, 50 summary views from which users can drill down into detailed
reports, and links to other relevant data and training sources.
3. What groups in the company benefited from Anthem’s new analytics tools? Explain your
answer.
The company formed a Talent Insights team, whose members include MBAs, PhDs, and CPAs, to
develop more sophisticated data analysis and help users work with the data. The team worked
with Anthem’s Wellness team to examine data on employees who utilize company wellness
credits to determine whether this could be correlated with reduced absenteeism and employee
turnover. Every month, the team looks at a different slice of data using various indicators such
as company performance, employee participation in wellness programs, or reductions in
absenteeism. For example, one month the team broke down Anthem’s workforce by
generational age bands and examined the potential ramifications for company performance,
highlighting its analysis in the portal’s “insight spotlight” section.
The Anthem Talent Insights team is also helping other business groups outside of Human
Resources make better use of data. These employees from other functional business areas
typically have access only to the data for their business units. Talent Insights helps them
combine these data with HR data so they can answer questions such as how their high-potential
employees whose careers are advancing compare with those in other parts of the company. The
team developed a model that accurately predicts first-year attrition and identifies the causes of
employee turnover. Anthem management is using this information to increase employee
retention and create better profiles for future hires.

4. How did Anthem’s new data analytics capabilities change the Human Resources function
at the company?
The PDC is able to perform sentiment analysis. The portal includes a channel where employees
can voice their opinions about their work experiences confidentially, using emojis and limited
text entries. The system analyzes these ongoing sentiments to create “team vitals” reports to
help management identify and address potential productivity risks. The company often finds
information on which it can immediately take action, such as ideas for improving processes or
re-prioritizing resources.

Case Study: Is Predix GE’s Future?

12-13 How is GE changing its business strategy and business model? What is the role of
information technology in GE’s business?
The company is transitioning to a much more technology-centric business strategy and business
model. GE is selling off its division that makes refrigerators and microwave ovens along with
most of GE Capital financial services to focus on electric power generators, jet engines,
locomotives, and oil-refining gear and software to connect these devices to the cloud. GE is
putting its money on the technology that controls and monitors industrial machines as well as
software-powered, cloud-based services for analyzing and deriving value from the data. GE
hopes this strategy will turn it into a major software company.
12-14 On what business functions and level of decision making is GE focusing?
GE is using sensor-generated data from industrial machines to help customers monitor
equipment performance, prevent breakdowns, and assess the machines’ overall health. This
new technology is opening new opportunities for GE customers while also helping to transform
GE from a traditional manufacturer to a modern digital business. GE has committed $1 billion to
installing sensors on gas turbines, jet engines, and other machines; connecting them to the
cloud; and analyzing the resulting data to identify ways to improve machine productivity and
reliability. In other words, GE is betting its future on software and the Internet of Things (IoT).
12-15 Describe three kinds of decisions that can be supported using Predix. What is the value
to the firm of each of those decisions? Explain.
The foundation for all of GE’s Industrial Internet (IoT) applications is Predix, a software platform
launched in 2015 to collect data from industrial sensors and analyze the information in the
cloud. Predix can run on any cloud infrastructure. The platform has open standards and
protocols that allow customers to more easily and quickly connect their machines to the
Industrial Internet. The platform can accommodate the size and scale of industrial data for every
customer at current levels of use, but it also has been designed to scale up as demand grows.
Predix can offer apps developed by other companies as well as GE, is available for on-premises
or cloud-based deployment, and can be extended by customers with their own data sources,
algorithms, and code. Customers may develop their own custom applications for the Predix
platform. GE is also building a developer community to create apps that can be hosted on
Predix. Predix is not limited to industrial applications. It could be used for analyzing data in
healthcare systems, for example. GE now has a Health Cloud running on Predix. Data security is
embedded at all platform application layers, and this is essential for companies linking their
operations to the Internet.
GE currently uses Predix to monitor and maintain its own industrial products, such as wind
turbines, jet engines, and hydroelectric turbine systems. Predix is able to provide GE corporate
customers’ machine operators and maintenance engineers with real-time information to
schedule maintenance checks, improve machine efficiency, and reduce downtime. Helping
customers collect and use this operational data proactively would lower costs in GE service
agreements. When GE agrees to provide service for a customer’s machine, it often comes with a
performance guarantee. Proactive identification of potential issues that also takes the cost out
of shop visits helps the customer and helps GE.
In early 2013, GE began to use Predix to analyze data across its fleet of machines. By identifying
what made one machine more efficient or downtime-prone than another, GE could more tightly
manage its operations. For example, by using high performance analytics, GE learned that some
of its jet aircraft engines were beginning to require more frequent unscheduled maintenance. A
single engine’s operating data will only tell you there’s a problem with that engine. But by
collecting massive amounts of data and analyzing the data across its entire fleet of machines, GE
was able to cluster engine data by operating environment. The company found that the hot and
harsh environments in the Middle East and China caused engines to clog, heat up, and lose
efficiency, so they required more maintenance. GE found that engines had far fewer of these
problems if they were washed more frequently. Fleet analytics helped GE increase engine
lifetime and reduce engine maintenance.
12-16 To what extent is GE becoming a software company? Explain your answer.
GE wanted to go beyond helping its customers manage the performance of their GE machines
to managing the data on all of the machines in their entire operations, even those of other
manufacturers. Many customers use GE equipment alongside equipment from competitors. The
customer cares about running the whole plant, not just GE turbines, for example, and 80
percent of the equipment in these facilities is not from GE. If, for example, an oil and gas
customer has a problem with a turbo compressor, a heat exchanger upstream from that
compressor may be the source of the problem, so analyzing data from the turbo compressor
will only tell part of the story. Customers therefore want GE to analyze non-GE equipment and
help them keep their entire plant running. GE is in discussions with some customers about
managing sensor data from all of the machine assets in their operation.

In November 2017, Jeff Flannery, who succeeded Immelt as GE’s CEO, announced that spending
on GE Digital and Predix would be cut by more than 25 percent, or $400 million. Digital
initiatives are still critical to the company nevertheless, and Flannery wants Predix to generate
$1 billion in annual revenue. However, Flannery wanted this accomplished via a “more focused”
strategy. In July 2018, the company announced it was seeking a buyer for key parts of its digital
unit.
These events demonstrate that GE greatly underestimated the challenges of creating all the
software needed for analyzing Internet of Things (IoT) data to improve business processes
across a wide range of industries. GE’s technical expertise lies in designing and manufacturing
machines like power jet engines, plant turbines, and medical imaging equipment and in creating
the specialized software to control machines in factory operations. It was too much of a stretch
for GE Digital to move quickly into cloud-based software to handle all kinds of sensor and
machine data and big data analytics for the entire Industrial Internet. GE also faced difficulties
adapting its own legacy applications to Predix. GE had many algorithms for monitoring its
machines, but they were written in different coding languages and resided on other systems in
GE businesses. This made converting the software to run on Predix time consuming and
expensive. Predix has been pared back to be primarily a set of software tools to help write
applications, as opposed to connecting to layers of code to automate data analysis. GE Digital
now focuses on selling products for specific industrial applications tailored to GE’s existing
industrial customers rather than an all-purpose operating system and platform for the wider
industrial world.