Organizational Resource Management ORM 8

Information Systems (IS)

What is IS? IS – a set of interrelated components working together to collect, retrieve, process, store, and distribute information for the purpose of facilitating planning, control, coordination, analysis, and decision making in business organizations Input-process-output perspective People-organization-technology perspective

Why Do People Need Information? Information Systems Why Do People Need Information? Individuals - Entertainment and enlightenment Businesses - Decision making, problem solving and control 2

Data, Information, and Systems Data vs. Information Data A “given,” or fact; a number, a statement, or a picture Represents something in the real world The raw materials in the production of information Information Data that have meaning within a context Data in relationships Data after manipulation

Computer-based Information System An Information System is an organized combination of people, hardware, software, communication networks and the data resources that collects, transforms and disseminates information in a organization.

Data, Information, and Systems Generating Information Computer-based ISs take data as raw material, process it, and produce information as output. Figure 1.1 Input-process-output

Data, Information, and Systems What Is a System? System: A set of components that work together to achieve a common goal Subsystem: One part of a system where the products of more than one system are combined to reach an ultimate goal Closed system: Stand-alone system that has no contact with other systems Open system: System that interfaces with other systems

Data, Information, and Systems Figure 1.3 Several subsystems make up this corporate accounting system.

Data, Information, and Systems The Four Stages of Data Processing Input: Data is collected and entered into computer. Data processing: Data is manipulated into information using mathematical, statistical, and other tools. Output: Information is displayed or presented. Storage: Data and information are maintained for later use.

Ethical and Societal Issues The Not-So-Bright Side Consumer Privacy Organizations collect (and sometimes sell) huge amounts of data on individuals. Employee Privacy IT supports remote monitoring of employees, violating privacy and creating stress.

Ethical and Societal Issues The Not-So-Bright Side Freedom of Speech IT abridge free speech. IT Professionalism No mandatory or enforced code of ethics for IT professionals--unlike other professions. Social Inequality Less than 20% of the world’s population have ever used a PC; less than 3% have Internet access.

Activity 1 Share your experience of Information Systems incorporated in your company?

Role of IS

Expanding Roles of IS Data Processing: 1950s-1960s Management Reporting: 1960s-1970s Decision support: 1970s-1980s Strategic and End User Support: 1980s-1990s Global Internetworking: 1990s-2000s

Classification of IS Information Systems Operations Support System Management Support System Transaction processing systems Process control systems Office automation systems Management information systems Decision support systems Executive information systems

Other categories Expert systems End user computing systems Business information systems d) Strategic information systems a) Expert Systems are knowledge-based systems that provides expert advice and act as expert consultants to the users b) End user computing systems support the direct, hands on use of computers by end users for operational and managerial applications c) Business information systems support the operational and managerial applications of the basic business functions of a firm d) Strategic information systems provide a firm which strategic products, services, and capabilities for competitive advantage

Enterprise Resource Planning (ERP) Integrated programs that can manage a company’s entire set of business operations Often coordinate planning, inventory control, production and ordering

Information Systems Planning

Definition / Levels of IS Planning What is IS planning? The process of developing a view of the future that guides decision making today Stating the direction we want to go and how we intend to get there

The Changing World of Planning Evolution of strategic IS planning along with rapid change of Internet-driven technologies. Traditional style of planning no longer viable Command and control IS as a support function “Lifecycle” (static environment) Still need long-range vision but with flexibility and creativity 23

INFORMATION SYSTEMS IN THE ENTERPRISE

MANAGEMENT CHALLENGES KEY SYSTEM APPLICATIONS FUNCTIONAL PERSPECTIVE OF SYSTEMS INTEGRATING FUNCTIONS & PROCESSES *

TYPES OF INFORMATION SYSTEMS DATA WORKERS KIND OF SYSTEM GROUPS SERVED STRATEGIC LEVEL SENIOR MANAGERS MANAGEMENT LEVEL MIDDLE MANAGERS OPERATIONAL OPERATIONAL LEVEL MANAGERS KNOWLEDGE LEVEL KNOWLEDGE & SALES & MANUFACTURING FINANCE ACCOUNTING HUMAN RESOURCES MARKETING

MAJOR TYPES OF SYSTEMS EXECUTIVE SUPPORT SYSTEMS (ESS) DECISION SUPPORT SYSTEMS (DSS) MANAGEMENT INFORMATION SYSTEMS (MIS) KNOWLEDGE WORK SYSTEMS (KWS) OFFICE AUTOMATION SYSTEMS (OAS) TRANSACTION PROCESSING SYSTEMS (TPS) *

DECISION SUPPORT SYSTEMS (DSS) MANAGEMENT LEVEL INPUTS: LOW VOLUME DATA PROCESSING: INTERACTIVE OUTPUTS: DECISION ANALYSIS USERS: PROFESSIONALS, STAFF EXAMPLE: CONTRACT COST ANALYSIS

DECISION SUPPORT SYSTEMS (DSS) FLEXIBLE, ADAPTABLE, QUICK USER CONTROLS INPUTS/OUTPUTS NO PROFESSIONAL PROGRAMMING SUPPORTS DECISION PROCESS *

EXECUTIVE SUPPORT SYSTEMS (ESS) STRATEGIC LEVEL INPUTS: AGGREGATE DATA PROCESSING: INTERACTIVE OUTPUTS: PROJECTIONS USERS: SENIOR MANAGERS EXAMPLE: 5 YEAR OPERATING PLAN

EXECUTIVE SUPPORT SYSTEMS (ESS) TOP LEVEL MANAGEMENT DESIGNED TO THE INDIVIDUAL TIES CEO TO ALL LEVELS VERY EXPENSIVE TO KEEP UP EXTENSIVE SUPPORT STAFF *

SALES & MARKETING INFORMATION SYSTEM

MANUFACTURING INFORMATION SYSTEM

FINANCE & ACCOUNTING INFORMATION SYSTEM

HUMAN RESOURCES INFORMATION SYSTEM

Developing an Information Technology Risk Management Program

Information Security is the protection of data against unauthorized access or modification

What is “Risk”? Risk is intentionally exploit a particular information system vulnerability, and the resulting impact on the organization if this should occur (National Institute of Standards & Technology-NIST) Risk is the probability of a vulnerability being exploited in the current environment, leading to a degree of loss of confidentiality, integrity, or availability, of an asset. (Microsoft)

What is Risk Management? The goal of a risk management program is to protect the organization and its ability to perform its mission from IT-related risk

Risk Management is the Keystone of Information Security

Risk Management has Three Parts Risk Assessment - Determining where risks lie, and how big they are Risk Mitigation - Prioritizing, evaluating, and implementing appropriate risk-reducing controls Evaluation and Assessment – Since Risk Management is continuous and evolving, the past year’s Risk Management efforts should be assessed and evaluated prior to beginning the cycle again

Risk Management Process What is my risk? What will I do about it? How did I do? Risk Assessment Risk Mitigation RM Evaluation

Assessing Risk Phase has Three Steps Planning – Align your annual process with your budget; Specify your scope; Identify and pre-sell stakeholders; embrace subjectivity Facilitated Data Gathering – Identify tangible and intangible assets, threats, vulnerabilities, existing controls, probable impact Risk Prioritization – Determine probabilities, and combine impact with probability to produce a risk statement

Risk Mitigation Options Assume the Risk – Accept the risk and continue operating (how big is your appetite?) Avoid the Risk – Stop running the program or sharing the data Transfer the Risk – Use options to compensate for the loss, such as insurance Lessen the Risk – Implement controls that lessen the impact or lower the likelihood

Activity 3 Can Risk Assessment be done in terms of calculation of financial figures?