Page 1
1 1 MANAGEMENT INFORMATION SYSTEMS (MIS) Unit Structure 1.0 Objectives 1.1 Introduction 1.2 Introduction to MIS 1.3 MIS of Definition 1.4 MIS Meaning 1.5 Perspectives on Information Systems 1.6 Nature and scope of MIS 1.6.1 Features of MIS 1.7 Component of MIS 1.7.1 People Resources 1.7.2 Data Resources 1.7.3 Software Resources 1.8 Objectives of MIS 1.8.1 Data Capturing 1.8.2 Data Storage 1.8.3 Data Processing 1.8.4 Data and Information Distribution 1.8.5 Prediction and forecasting 1.8.6 Planning and control 1.9 Characteristics of MIS 1.9.1 System Approach 1.9.2 Management Oriented 1.9.3 Need Based 1.9.4 Exception Based 1.9.5 Future Oriented 1.9.6 Integrated 1.9.7 Long Term Planning 1.9.8 Sub System concept 1.9.9 Central Database 1.10 Advantages of MIS 1.11 Role of MIS munotes.in
Page 2
2 Management Information System
2 1.11.1 Decision Making 1.11.2 Coordination among the department 1.11.3 Finding out the problems 1.11.4 Comparison of Business Performance 1.11.5 Strategies for an Organization 1.12 Challenges of MIS 1.12.1 High cost 1.12.2 Training of Employee 1.12.3 Maintenance Cost 1.13 Limitations of MIS 1.14 Requirements of Management Information System 1.15 Summary 1.16 Reference for further reading 1.0 OBJECTIVES The main objective of learning this MIS subject is to make students understand that how MIS can provides the data to identify non-performing areas and leads to better business productivity and efficiency, better communication and helps in decision making and most important to get better knowledge of customer needs. 1.1 INTRODUCTION The main goal of MIS is to provide information for decision making on planning, imitating, organizing, and controlling the operations of the subsystems of the firm and to provide a systematic organization in the process. 1.2 INTRODUCTION TO MIS Management Information System is an integrated system that helps management with relevant information needed to run their business effectively and efficiently. The core aim is to make raw data into useful information that helps in managerial decision making. 1.3 MIS OF DEFINITION A management information system is an information system which is used for decision making and for the coordination, control, analysis and visualization of information in an organization. Its involves people, processes and technology in an organizational context. munotes.in
Page 3
3
Management Information
Systems (MIS) 1.4 MIS MEANING A management information system (MIS) is a computer system which is an electronic device comprises of hardware and software that serves as the backbone of an organization operations. 1.5 PERSPECTIVES ON INFORMATION SYSTEMS From business point of view information systems are a part of a series of value added activities for acquire, transforming and distributing information that managers can use to improve decision making, enhance organizational performance and ultimately increase firm profitability.
1.6 NATURE AND SCOPE OF MIS MIS can be referred as a system or a process which facilitates the smooth working of the organisation. The nature of MIS is truly manifold because its plays a vital role in business decision, from costs to employee management. 1.6.1 Features of MIS • MS is used or utilised by every level of a management. • It focuses on the strategic goals and objectives for the management. • It’s also provides an effective system to analyse costs and revenue and further reviews effectively and efficiently to bring a balance in finance and costs. • MIS is sustaining either through manual systems or automated system or a combination of both. • It also plays an accretive role in identifying, locating, measuring, tackling, and limiting risks.
munotes.in
Page 4
4 Management Information System
4 • It set down a framework which includes set of rules and regulation for the management to bring a clear and concise communication between employees. • It provides an impartial system for collecting, assessing, and aggregating information for a business. Scope of MIS MIS involves in performing a number of task simultaneously such as:- • Processing data • Initiating transaction • Responding to inquiries • Producing reports and its summaries • Manage the data created within the structure of a particular business. 1.7 COMPONENT OF MIS
1.7.1 People Resources Its includes end users and IS specialists. End users are also called as (user or clients) are the people who use an information system or the information it produces. 1.7.2 Data Resources Data resources are transformed by information processing activities into a variety of information products for end users. Information processing consists of input, processing, output, storage, and control activities. 1.7.3 Software Resources Software resources includes not only the sets of operating instructions called programs, which direct and control computer hardware, but also the sets of information processing instructions needed by people, called procedures.
munotes.in
Page 5
5
Management Information
Systems (MIS)
1.8 OBJECTIVES OF MIS
1.8.1 Data Capturing or Data Gathering It is the process of gathering data from various sources. This includes customer touch points like stores and e-commerce sites, mobile shopping, self-checkout etc. It can also come from output of one or more systems like sales, finances, market analysis, operation etc. and from digital, social media sites. All data
munotes.in
Page 6
6 Management Information System
6 collected and stored in a database or in data files. The data can be stored on various storage media like hard drives, DVDs etc. 1.8.2 Data Storage or Information Storage It means storing information in a safe manner so as to make it available for any future use. Cloud based application store data on virtual server converting raw data into meaningful information is what experts call data processing. 1.8.3 Data Processing Data processing is an important function of MIS as information is the core necessity for achieving competition advantage giving the right the information to the right person at the right time is termed as information distribution. The information could be in the form of a report, an image, a message, files, and a video or even audio. The gathered data needs to be processed in a system so that it can in help to the management. The data is processed into information which is used for planning, controlling, organizing, and directing functionalities at different levels of the organization. 1.8.4 Data and Information Distribution The Distribute Information process is responsible for getting information to stakeholders about the project in a timely manner. It describes how reports, and other information, are distributed and to whom. Executing the communications management plan also occurs during this process. Data is defined as 'groups of non-random symbols in the form of text, images, and voice representing quantities, action and objects'. Information is interpreted data; created from organized, structured, and processed data in a particular context. A set of information systems physically distributed over multiple sites, which are connected with some kind of communication network. 1.8.5 Prediction and forecasting To facilitate comparison, information is presented in the form of charts, tables and graphs with the help of modern arithmetic statics or simulation. MIS can predict business trends using historical as a base. Reports are generated based on the comparing needs to help management plain in advance enabling each functional department to work efficiently. 1.8.6 Planning and control One of the most important supporting tools in planning and control. It is computerized integrated system which gives accurate information about the past, present and projected. It helps to do analysis on variance, reason to enjoy success and most important to take further decision. Planning involves establishing goals and communicating these goals to employees of the organization. The control function assesses whether goals were achieved and is often used to evaluate the performance of employees, departments, and the organization as a whole. munotes.in
Page 7
7
Management Information
Systems (MIS) 1.9 Characteristics of MIS 1.9.1 System Approach The information system follows a System’s approach. The system’s approach implies a holistic approach to the study of system and its performance in the light for the objective for which it has been constituted. 1.9.2 Management Oriented The top-down approach must be followed while designing the MIS. The top-down approach suggests that the system development starts from the determination of management needs and overall business objectives. The MIS development plan should be derived from the overall business plan. Management oriented characteristic of MIS also implies that the management actively directs the system development efforts.
1.9.3 Need Based MIS design and development should be as per the information needs of managers at different levels, strategic planning level, management control level and operational control level. In other words, MIS should cater to the specific needs of managers in an organization’s hierarchy. 1.9.4 Exception Based MIS should be developed on the exception-based reporting principle, which means an abnormal situation, i.e. the maximum; minimum or expected values vary beyond tolerance limits. In such situations, there should BE exception reporting to the decision-maker at the required level.
munotes.in
Page 8
8 Management Information System
8 1.9.5 Future Oriented Besides exception-based reporting, MIS should also look at the future. In other words, MIS should not merely provide past or historical information; rather it should provide information, on the basis of projections based on which actions may be initiated. 1.9.6 Integrated Integration is a necessary characteristic of a management information system. Integration is significant because of its ability to produce more meaningful information. For example, in order to develop an effective production scheduling system, it is necessary to balance such factors as setup costs, Workforce, Overtime rates, Production capacity, Inventory level, Capital requirements and Customer services. 1.9.7 Long Term Planning MIS is developed over relatively long periods. Such a system does not develop overnight. A heavy element of planning is involved. The MIS designer must have the future objectives and needs of the company in mind. 1.9.8 Sub System concept The process of MIS development is quite complex and one is likely to lose insight frequently. Thus, the system, though viewed as a single entity, must be broken down into digestible sub-systems which are more meaningful at the planning stage 1.9.9 Central Database A central database is a mortar that holds the functional systems together. Each system requires access to the master file of data covering inventory, personnel, vendors, customers, etc. It seems logical to gather data once, validate it properly and place it on a central storage medium, which can be accessed by any other subsystem. 1.10 ADVANTAGES OF MIS A central database is a mortar that holds the functional systems together. Each system requires access to the master file of data covering inventory, personnel, vendors, customers, etc. It seems logical to gather data once, validate it properly and place it on a central storage medium, which can be accessed by any other subsystem. • Provide better customer service • Increase customer revenue • Discover new customer • Help sales staff close deals faster • Simplify marketing and sales processes munotes.in
Page 9
9
Management Information
Systems (MIS) 1.11 ROLE OF MIS A management information system (MIS) plays an important role in business organizations. 1.11.1 Decision Making Management Information System (MIS) plays a significant role in the decision-making process of any organization. In any organization, a decision is made on the basis of relevant information which can be retrieved from the MIS. 1.11.2 Coordination among the department Management Information System satisfies multiple need of an organization across the different functional department. 1.11.3 Finding out the problems As we know that MIS provides relevant information about every aspect of activities. Hence, if any mistake is made by the management then MIS, information will help in finding out the solution to that problem. 1.11.4 Comparison of Business Performance MIS store all past data and information in its Database. That why the management information system is very useful to compare business organization performance. 1.11.5 Strategies for an Organization Today each business is running in a competitive market. An MIS supports the organization to evolve appropriate strategies for the business to assent in a competitive environment.
munotes.in
Page 10
10 Management Information System
10 1.12 CHALLENGES OF MIS 1.12.1 High cost Development of new computerized based information system is a problem for the organization due to the cost factor and it creates problems because with the change of time there is need of up-to-date of the information system. 1.12.2 Training of Employee Employees should have the capacity of learning of the information system with the changing competitive and business environment; otherwise it will be difficult for the organization to stay in the market. 1.12.3 Maintenance Cost Sometimes a problem arises due to server crash and website crash. Sometimes it leads to the loss of information. So, maintenance cost is needed to tackle the above problem
1.13 LIMITATIONS OF MIS Even though MIS has many benefits but it also has its limitations. Limitations of MIS are discussed below: • While MIS may solve some critical problems but it is not a solution to all problems of an organization. • It cannot meet the special demands of each person. MIS if designed in an improper manner does not serve the management and hence is of little relevance.
munotes.in
Page 11
11
Management Information
Systems (MIS) • The MIS is not good if the basic data is obsolete and outdated. • Mostly information provided by the MIS is in quantities form. Hence, it ignores the qualitative information like the attitude of an employee. 1.14 REQUIREMENTS OF MANAGEMENT INFORMATION SYSTEM • Database • Qualified System and Management Staff • Top Management Support • Active Participation of Operating Management • Control and Maintenance of Management Information System • Evaluation of Management Information System 1.15 SUMMARY Management Information Systems (MIS), referred to as Information Management and Systems, is the discipline covering the application of people, technologies, and procedures collectively called information systems, to solving business problems. 1.16 REFERENCE FOR FURTHER READING. https://www.geektonight.com/what-is-mis/ https://www.google.com 1.17 BILBLIOGRAPGY https://www.geektonight.com/what-is-mis/ https://www.google.com MCQ FOR PRACTICE Q1. The back bone of any organization is_________ a. information’ b. employee’ c. Management d. Capital Q2. The flow of information through MIS is a. need dependent b. organization dependent c. information dependent d. management dependent munotes.in
Page 12
12 Management Information System
12 Q3. Internal information for MIS may come from any one of the following department. a. customers care department b. hr department c. marketing department d. production department Q4. MIS normally found in a manufacturing organization will not be suitable in the ______. a. service sector b. banking sector c. agriculture sector d. all of the above Q5. ______ involves the investigation of new approaches to existing problems a. systems analysis b. creative analysis c. critical analysis d. organizational analysis munotes.in
Page 13
13 2 MANAGEMENT INFORMATION SYSTEMS (MIS) -II Unit Structure 2.0 Objectives 2.1 Introduction 2.2 Impact of MIS 2.3 Functions and future of MIS 2.3.1 Data Capturing 2.3.2 Processing Data 2.3.4 Storage Information 2.3.5 Retrieval of Information 2.3.6 Dissemination of MI 2.4 MIS: A support to the management 2.4.1 Planning 2.4.2 Organization 2.4.3 Staffing 2.4.4 Directing 2.4.5 Coordinating 2.4.6 Controlling 2.5 MIS: organization effectiveness 2.5.1 Leadership 2.5.2 Communication 2.5.3 Accountability 2.5.4 Delivery 2.5.5 Performance 2.5.6 Measurement 2.6 MIS for a digital firm 2.6.1 The Network Revolution and the Internet 2.6.2 New Option for organization design: The digital firm and the collaborative Enterprise. 2.6.3 Electronic Commerce 2.6.4 Electronic Business 2.6.5 Intranet 2.6.6 Extranet 2.6.7 Positive Impact of Information Systems 2.7 Summary 2.8 Reference for further reading munotes.in
Page 14
14 Management Information System
14 2.0 OBJECTIVES The objective of the MIS is to provide information for a decision support in the process of management. It should help in such a way that the business goals are achieved in the most efficient manner. Since the decision making is not restricted to a particular level, the MIS is expected to support all the levels of the management in conducting the business operations. Unless the MIS becomes a management aid, it is not useful to the organization. 2.1 INTRODUCTION Management Information systems support the activities of managers in organizations. Management Information systems support various business strategies for competitive advantage. Information systems technology is a factor of production, like capital and labor. A System to convert Data from External and Internal Sources into Information and to communicate that Information, in an appropriate form, to Managers at all levels in all functions to enable them to make timely and effective decisions for planning, directing and controlling the activities for which they are responsible. 2.2 IMPACT OF MIS • As Management Information System plays a vital role in the organization; it creates an impact on the organization’s functions performance and productivity. • The impact of MIS on the functions is in its management with a good MIS support the management of marketing, finance, production and personnel becomes more efficient. • The tracking and monitoring of the functional targets becomes easy. • The functional managers are informed about the progress, achievements aby providing certain information indicating and probable trends in the various aspects of business. • This helps in forecasting and long-term perspective planning. • The manager’s attention is bought to a situation which is expected in nature, inducing him to take an action or a decision in the matter. • Disciplined information reporting system creates structure database and knowledge base for all the people in the organization. • The information is available in such a form that it can be used straight away by blending and analysis, saving the manager’s valuable time. • MIS creates another impact in the organization which relates to the understanding of the business itself. The MIS begins with the definition of data entity and its attributes. It uses a dictionary of data, munotes.in
Page 15
15
Management Information
Systems (MIS) -II entity and attributes, respectively, designed for information generation in the organization. • Since all the information system use the dictionary, there is common understanding of an event in the organization. • MIS calls for a systematization of the business operations for an effective system design. • This leads of streaming of the operations which complicates the system design. • It improves the administration of the business by bringing a discipline in its operations as everybody is required to follow and use systems and procedures. • This process brings a high degree of professionalism in the business operations. • The goals and objectives of MIS are the products of business goals and objectives. It can help indirectly to pull the entire organization in one direction towards the corporate goals and objective by providing the relevant information to the organization. • A design system with the focus on managers makes an impact on the managerial efficiency. • The fund of information motivates an enlightened manager to use a variety of tools of the management. • It helps him to resort to such exercise as experimentation and modeling . • The use of computer enables him to use manually. • The ready-made packages make this task simple. • The impact on the managerial ability to perform. • It improves decision making ability considerably high. • Since, the MIS works on the basic system such as transaction processing and database, the hard work of clerical work is transferred to the computerized system, relieving the human mind for better work. • It will be observed that lot of manpower is engaged in this activity in the organization. • 70 percent of the time is spent in recording, searching, processing and communicating. • This MIS has a direct impact on this overhead. • It creates information-based working culture in the organization. • Firms seek to economize on the cost of participating in markets (transaction costs). munotes.in
Page 16
16 Management Information System
16 • MIS lowers market transaction costs for firm, making it worthwhile for firms to transact with other firms rather than grow the number of employees. • Empowers lower-level employees to make decisions without supervision and increase management efficiency • Management span of control (the number of employees supervised by each manager) will also grow • MIS give both large and small organizations additional flexibility to overcome the limitations posed by their size. • Small organizations use information systems to acquire some of the muscle and reach of larger organizations. • Large organizations use information technology to achieve some of the agility and responsiveness of small organizations. • Customization and personalization: MIS makes it possible to tailor products and services to individuals. • Factors to consider while planning a new system: a) Organizational structure, hierarchy, specialization, routines, and business processes. b) The organization’s culture and politics. • The type of organization and its style of leadership: a) Groups affected by the system and the attitudes of workers who will be using the system. • The kinds of tasks, decisions, and business processes that the information system is designed to assist • Flexibility and multiple options for handling data and evaluating • information (CREAM WIZARD) • Capability to support a variety of management styles, skills, and knowledge. • Capability to keep track of many alternatives and consequences • sensitivity to the organization’s bureaucratic and political requirements. • Change Management: a) MIS become bound up in organizational politics because they influence access to a key resource (FINANCE). b) They potentially change an organization’s structure, culture, politics, and work. c) Most common reason for failure of large projects is due to organizational and political resistance to change. munotes.in
Page 17
17
Management Information
Systems (MIS) -II
2.3 FUNCTIONS AND FUTURE OF MIS MIS is set up by an organization with the prime objective to obtain management information to be used by its managers in decision-making. Thus, MIS must perform the following functions in order to meet its objectives. 1) Data Capturing: MIS captures data from various internal and external sources of an organization. Data capturing may be manual or through computer terminals. End users, typically record data about transactions on some physical medium such as paper form or enter it directly into a computer system. 2) Processing of data: The captured data is processed to convert it into the required management information. Processing data is done by such activities as calculating, comparing, sorting, classifying and summarizing. 3) Storage of information: MIS stores processed or unprocessed data for future use. If any information is not immediately required, it is saved as an organizational record. In this activity, data and information are retained in an organized manner for later use. Stored data is commonly organized into fields, records, files and databases. 4) Retrieval of information: MIS retrieves information from its stores as and when required by various users. As per the requirements of the management users, the retrieved information is either disseminated as such or it is processed again to meet the exact demands.
munotes.in
Page 18
18 Management Information System
18 5) Dissemination of MI: Management information, which is a finished product of MIS, is disseminated to the users in the organization. It could be periodic, through reports or online through computer terminals. 2.4 MIS: A SUPPORT TO THE MANAGEMENT The management process is executed through a variety of decisions taken at each step of planning, organizing, staffing, directing coordinating and control. If the management is able to spell out the decisions required to be taken, the MIS can be designed suitably.
Decisions in Management: Steps in management are: 1) Planning: A selection from various alternatives –strategic, resources, methods, etc. 2) Organization: A selection of a combination out of several combinations of the goals, people, resources, method and authority. 3) Staffing: providing a proper manpower complement. 4) Directing: Choosing a method from various methods of directing the efforts in the organization. 5) Coordinating: Choice of the tools and the techniques for coordination the efforts for optimum results. 6) Controlling: A selection of the exceptional conditions and the decision guidelines.
munotes.in
Page 19
19
Management Information
Systems (MIS) -II 2.5 MIS: ORGANIZATION EFFECTIVENESS • MIS plays a very important role in the organization; it creates an impact on the organization's functions, performance and productivity. The impact of MIS on the functions is in its management with a good MIS supports the management of marketing, finance, production and personnel becomes more efficient. • It can be defined as the efficiency with which an association is able to meet its objectives. • This means an organization that produces a desired effect without waste. • Organizational effectiveness is about each individual doing everything they know how to do and doing it well; in other words organizational efficiency is the capacity of an organization to produce the desired results • with a minimum expenditure of energy, time, money, and human and material resources. • The six systems are broader in scope than functional departments and must be understood independently and interpedently as part of an integrated whole. • The six systems set up the conditions and components necessary to create a healthy, high performing organizations.
munotes.in
Page 20
20 Management Information System
20 1) Leadership : To achieve high performance or sustain results, leaders must define and refine key processes and execute them with daily discipline. They must translate vision and values into strategy and objectives, processes and practices, actions and accountabilities, execution and performance. Leader addresses three questions: a) Vision and Value b) Strategy and Approach c) Structure and Alignment 2) Communication: Leader should maximize their contribution to daily conversations, they must engage and align people around a common cause, reduce uncertainty, keep people focused, equip people for moments of truth that creates on-table culture, prevent excuses, learn from experience , treat mistakes as intellectual capital, and leverage the power of leadership decisions to shape beliefs and behaviours. 3) Accountability: Leaders translate vision and strategic direction into goals and objectives actions and accountabilities. Performance accountability systems clarify what is expected of people and align consequences or rewards with actual performance. Leaders need to build discipline into their leadership process and management cycle to achieve accountability, predictability, learning, renewal, and sustainability. 4) Delivery: The best organizations develop simple process that is internally efficient, locally responsive, and globally adaptable. Complexity is removed from the customer experience to enable them to engage in way as those are elegant and satisfying. Establishing and optimizing operational performance is an ongoing journey. 5) Performance: The human performance system is designed to attract, develop, and retain the most talented people. The idea is to hire the best people and help them develop their skills, talents, and knowledge over time. 6) Measurement: A system of metrics, reviews and course corrections keep the business on track. Organizations need concrete measures that facilitate quality control, consistent behaviours, and predictable productivity and results. munotes.in
Page 21
21
Management Information
Systems (MIS) -II
2.6 MIS A DIGITAL FIRM • The Network Revolution and the Internet: The internet 1) The Internet 2) International network of networks 3) Universal technology platform: Any computer can communicate with any other computer 4) World Wide Web and Web sites • The Network Revolution and the Internet: What You Can Do on the Internet 1) Communicate and collaborate 2) Access information 3) Participate in discussions 4) Supply information 5) Find entertainment 6) Exchange business transactions • New Options for Organizational Design: • The Digital Firm and the Collaborative Enterprise 1) Flattening organizations 2) Separating work from location 3) Reorganizing workflows 4) Increasing flexibility 5) Redefining organizational boundaries
munotes.in
Page 22
22 Management Information System
22 • Electronic commerce • Electronic business • Digital market: Information system that links buyers and sellers to exchange information, products, services, payments • Electronic Commerce (e-commerce): buying and selling goods and services electronically • Electronic Business: executing all the firm’s business processes with Internet technology • Intranet: private, secure business network based on Internet technology • Extranet: extension of intranet to authorized external users Positive Impacts of Information Systems • Faster calculations and paperwork • Analysis of customer purchase patterns and preferences • More efficient business services • Medical advances • Instant global distribution of information 2.15 SUMMARY An organization technically is a formal social structure that produces outputs. • An organization behaviorally is a collection of obligations and responsibilities that is balanced over periods of conflict and conflict resolution. • Organizations have hierarchy structure, accountability, principles of efficiency, routines and processes, organizational politics, culture and environment...etc An organization technically is a formal social structure that produces outputs. • An organization behaviorally is a collection of obligations and responsibilities that is balanced over periods of conflict and conflict resolution. • Organizations have hierarchy structure, accountability, principles of efficiency, routines and processes, organizational politics, culture and environment...etc An organization technically is a formal social structure that produces outputs. munotes.in
Page 23
23
Management Information
Systems (MIS) -II • An organization behaviorally is a collection of obligations and responsibilities that is balanced over periods of conflict and conflict resolution. • Organizations have hierarchy structure, accountability, principles of efficiency, routines and processes, organizational politics, culture and environment...etc An organization technically is a formal social structure that produces outputs. • An organization behaviorally is a collection of obligations and responsibilities that is balanced over periods of conflict and conflict resolution. • Organizations have hierarchy structure, accountability, principles of efficiency, routines and processes, organizational politics, culture and environment. This course will help the students to understand the importance and the impact of MIS in various business sectors. How MIS evolved over the time and its helps the organization in decision making. 2.16 REFERENCE FOR FURTHER READING. https://www.slideshare.net/ https://www.learnpick.in/ http://www.openlearningworld.com/ https://ecomputernotes.com/ https://www.geektonight.com/what-is-mis/ https://www.google.com 2.17 BILBLIOGRAPGY https://www.slideshare.net/ https://www.learnpick.in/ https://ecomputernotes.com/ http://www.openlearningworld.com/ https://www.geektonight.com/what-is-mis/ https://www.google.com munotes.in
Page 24
24 Management Information System
24 MCQ FOR PRACTICE Q1. The information of MIS comes from the boot _______ source. A. Internal B. External C. Superficial D. internal and external Q2. MIS is normally found in ______sector A. Service B. Education C. Manufacturing D. Marketing Q3. Management information system usually NOT serves managers interested in _______ results. A. weekly B. monthly C. yearly D. day-to-day Q4. _______ is an important factor of a management information system. A. Information B. System C. Planning D. Personnel Q5. Information technology is the combination of computer science and ______ A. telecommunications B. electronics C. digital marketing D. networking munotes.in
Page 25
25 3 ORGANIZATIONS AND INFORMATION SYSTEMS Unit Structure 3.0 Introduction to Information System and MIS 3.1 Modern Organization 3.2 Information Systems in Organizations 3.3 Managing Information Systems in Organizations 3.4 List of References 3.5 Quiz 3.6 Exercise 3.7 Video Links 3.0 INTRODUCTION TO INFORMATION SYSTEM AND MIS What is IS? An information system (IS) can be any organized combination of people, hardware, software, communications networks, data resources, and policies and procedures that stores, retrieves, transforms, and disseminates information in an organization. People rely on modern information systems to communicate with one another using a variety of physical devices (hardware), information processing instructions and procedures (software), communications channels (networks), and stored data (data resources). Although today’s information systems are typically thought of as having something to do with computers, we have been using information systems since the dawn of civilization. An Information System can be described in two different ways: the components that make up an information system and the role that those components play in an organization. Information systems support an organization's business operations, managerial decision making and strategic competitive advantage. Such system is called roles of information systems. An information system depends on the resources of people (end users and IS specialists), hardware (machines and media), software (programs and procedures), data (data and knowledge bases), and networks munotes.in
Page 26
26 Management Information System
26 (communications media and network support) to perform input, processing, output, storage, and control activities that transform data resources into information products. This information system model highlights the relationships among the components and activities of information systems. It also provides a framework that emphasizes four major concepts that can be applied to all types of information systems: • People, hardware, software, data, and networks are the five basic resources of information systems. • People resources include end users and IS specialists, hardware resources consist of machines and media, software resources include both programs and procedures, data resources include data and knowledge bases, and network resources include communications media and networks. • Data resources are transformed by information processing activities into a variety of information products for end users. • Information processing consists of the system activities of input, processing, output, storage, and control. All information systems use people, hardware, software, data, and network resources to perform input, processing, output, storage, and control activities that transform data resources into information products.
The components of an information system An information system consists of five major resources: people, hardware, software, data, and networks. Let’s briefly discuss several basic concepts and examples of the roles these resources play as the fundamental components of information systems. You should be able to recognize these five components at work in any type of information system you encounter in the real world.
munotes.in
Page 27
27
Organizations and
Information Systems People are the essential ingredient for the successful operation of all information systems. These people resources include end users and IS specialists. • End users (also called users or clients) are people who use an information system or the information it produces. They can be customers, salespersons, engineers, clerks, accountants, or managers and are found at all levels of an organization. In fact, most of us are information system end users. Most end users in business are knowledge workers, that is, people who spend most of their time communicating and collaborating in teams and workgroups and creating, using, and distributing information. • IS specialists are people who develop and operate information systems. They include systems analysts, software developers, system operators, and other managerial, technical, and clerical IS personnel. Briefly, systems analysts design information systems based on the information requirements of end users, software developers create computer programs based on the specifications of systems analysts, and system operators help monitor and operate large computer systems and networks. Components of IS • Computer hardware This is the physical technology that works with information. Hardware can be as small as a smartphone that fits in a pocket or as large as a supercomputer that fills a building. Hardware also includes the peripheral devices that work with computers, such as keyboards, external disk drives, and routers. With the rise of the Internet of things, in which anything from home appliances to cars to clothes will be able to receive and transmit data, sensors that interact with computers are permeating the human environment. • Computer software The hardware needs to know what to do, and that is the role of software. Software can be divided into two types: system software and application software. The primary piece of system software is the operating system, such as Windows or iOS, which manages the hardware’s operation. Application software is designed for specific tasks, such as handling a spreadsheet, creating a document, or designing a Web page. • Telecommunications This component connects the hardware together to form a network. Information technology is the combination of computer science and telecommunications. Connections can be through wires, such as Ethernet cables or fibre optics, or wireless, such as through WiFi. A network can be munotes.in
Page 28
28 Management Information System
28 designed to tie together computers in a specific area, such as an office or a school, through a local area network (LAN). When computers are more distributed, the network is called a wide area network (WAN). The Internet itself can be thought of as a network of networks. • Database and Data Warehouse This component contains "materials" that work with other components. A database is a place where data is collected and can be retrieved by querying it using one or more specific criteria. A data warehouse contains all data in any format required by your organization. Databases and data warehouses have become even more important in information systems with the advent of “big data,” a term that refers to a truly huge amount of data that can be collected and analysed. • Human Resources and Procedures The last and perhaps most important component of an information system is the human element. So that the knowledge contained in massive databases and data warehouses can be turned into learning, the people needed to execute systems and the procedures they follow can interpret what has happened in the past and guide future actions.
What is MIS? A management information system (MIS) can be defined as a system that: • Provides information to support managerial functions like planning, organizing, directing, controlling. • Collects information in a systematic and a routine manner which is in accordance with a well-defined set of rules.
munotes.in
Page 29
29
Organizations and
Information Systems • Includes files, hardware, software and operations research models of processing, storing, retrieving and transmitting information to the users. A management information system (MIS) is a subset of the overall internal controls of a business covering the application of people, documents, technologies, and procedures by management accountants to solving business problems such as costing a product, service or a business wide strategy. Management information systems are distinct from regular information systems in that they are used to analyse other information systems applied in operational activities in the organization. From an academic point of view, the term is commonly used to refer to a group of information management technologies related to, for example, automation or human decision support. Decision support systems, expert systems and information systems for managers. Objectives of Management Information Systems (MIS) • Accelerate the decision-making process by providing timely information. This helps decision makers choose the best course of action. • Provides information needed to function at each level of government. • Helps to identify critical factors for closely monitoring the successful functioning of an organization. • Support decision making in both structured and unstructured problem environments. • Provides documentation systems for people, computers, procedures, means of interactive querying, collection, classification, retrieval, and transmission of information to users. Characteristics of Management Information Systems (MIS) • Management Oriented: The system is designed to work from top to bottom. This does not mean that the system is designed to provide information directly to senior management. Relevant information is also provided for other levels of management. For example, in a marketing information system, activities such as processing sales orders, shipping products to customers, and issuing product invoices are mostly operational control activities. Merchants may also track this information to know sales territories, order sizes, territories and product lines if the system is properly designed. However, if the system is designed keeping in mind the top management, then data on external competition, market and pricing can be created to know the market share of the company’s product and to serve as a basis of a new product or market place introduction. • Management Directed: Because of management orientation of MIS, it is necessary that management should actively direct the system munotes.in
Page 30
30 Management Information System
30 development efforts. In order to ensure the effectiveness of system designed, management should continuously make reviews. • Integrated: The world “integration” means that the system has to cover all the functional areas of an organization so as to produce more meaningful management information, with a view to achieving the objectives of the organization. It has to consider various subsystem their objectives, information needs, and recognize the interdependence, that these subsystems have amongst themselves, so that common areas of information are identified and processed without repetition and overlapping • Common Data Flows: Because of the integration concept of MIS, common data flow concept avoids repetition and overlapping in data collection and storage combining similar functions, and simplifying operations wherever possible. • Heavy Planning Elements: Management information systems cannot be built overnight. It takes two to four years for organizations to successfully implement it. Therefore, the development of MIS requires long-term planning to meet the future needs and goals of the organization. Therefore, the developer of an information system must ensure that the information system is deprecated before it is put into practice. • Flexibility and Ease of Use: When building a MIS system, it makes it flexible by adding all possible types of tools that may appear in the future. A feature that is often combined with flexibility is ease of use. A MIS should be easy to use and include all the features that make it easily accessible to a wide range of users. 3.1 MODERN ORGANIZATION Organisation establishes relationship between people, work and resources. It is a process of identifying and grouping of work to be performed and defining and delegating the responsibility and authority. Responsibility always flows from subordinate to superior whereas Authority always flows from superior to subordinate. A modern organizational structure does not have a hierarchical, top-down power arrangement. Also referred to as a contemporary organizational structure, it removes the departmental boundaries between employees and has them work on projects together in pursuit of the business' goals. Employees working on projects receive requirements and productivity goals but have the power to determine for themselves the best way to complete the project. Typically, this structure promotes sharing skills and resources across the organization to reach its goals. A structural chart is a graphic representation of the modules in the system and the interconnection between them munotes.in
Page 31
31
Organizations and
Information Systems
Types of modern organizational structures include: • Matrix organizational structure When following this structure, the organization still has departments but creates project groups that include employees from different departments. An employee working in this structure can have two managers: a project manager and a functional manager or department head. For example, an organization launching a new product might create a project team that includes people from research and development, marketing, and finance. Benefits of this type of structure include: Enabling a flexible work environment Fostering a balanced decision-making process Promoting open communication and shared resources across the business Potential disadvantages include: Creating confusion about authority Tracking budgets and resources can be difficult Limiting efficiency of key performance indicators (KPIs) • Flat Organizational Structure This structure is suitable for small companies or start-ups as the organization removes intermediate levels of management between employees and managers. Here, employees have little control and freedom to form teams and choose projects to work on based on interests or skills.
munotes.in
Page 32
32 Management Information System
32 Benefits of this type of structure include: Reducing budget costs due to lack of middle management Building relationships between staff and superiors Facilitating a quicker, easier decision-making process Potential disadvantages include: Requiring extensive planning to be effective Causing confusion over who makes decisions Requiring contingency plans to resolve conflicts • Hierarchical structure In a hierarchical organizational structure, employees are grouped and assigned a supervisor. It is the most common type of organizational structure. Employees may be grouped together by their role or function, geography or type of products or services they provide. This structure is often depicted as a pyramid because there are multiple levels or authority with the highest level of leadership at the top, their direct employees below them and so forth. Benefits of this type of structure include: Establishing clearly defined levels of authority Promoting teamwork and department loyalty Fostering employee development and promotion opportunities Potential disadvantages include: Limiting collaboration Restricting innovation Creating bureaucracy that must be managed • Functional structure In a functional structure, the organization is divided into groups by roles, responsibilities or specialties. For example, within an organization you may have a marketing department, finance department and sales department with each overseen by a manager who also, has a supervisor that oversees multiple departments. A functional structure can be beneficial because departments can trust that their employees have the skills and expertise needed to support their goals. Benefits of this type of structure include: Establishing clearly defined roles and expectations Facilitating improved performance and productivity munotes.in
Page 33
33
Organizations and
Information Systems Allowing for skill development and specialization Potential disadvantages include: Creating barriers, or silos, between functions Limiting employees’ communication and knowledge with other departments Inhibiting collaboration and innovation • Divisional Structure In a divisional structure, organizations are split into divisions based on specific products, services or geographies. For this reason, this structure is typically used by large companies that operate in wide geographic areas or own separate, smaller companies. Each division has its own executive leadership, departments and resources. For example, a large software company may separate its organization based on product type, so there's a cloud software division, corporate software division and a personal computing software division. Benefits of this structure include: Allowing divisions to work independently Meeting individual divisions' needs more quickly and specifically Promoting focus of specific products or services Potential disadvantages include: Scaling limitations Duplicating resources or activities Decentralizing decision-making • Network Structure In a network structure, managers at an organization will coordinate relationships with both internal and external entities to deliver their products or services. For example, a retail company will just focus on selling clothing items but will outsource the design and production of these items in a partnership with other company. This structure focuses more on open communication and relationships than hierarchy. Benefits of this type of structure include: Giving the organization more agility and flexibility Allowing the core company to focus on what it's best at Helping lower costs through outsourcing munotes.in
Page 34
34 Management Information System
34 Potential disadvantages include: Duplicating services and resources Creating confusion about specific roles and job functions Growing too complex and difficult to manage • Line Structure In a line structure, authority within the organization flows from top to bottom and there are no specialized or supportive services. It is one of the simplest types of organization structure. It is also known as Military organisation. The organization is typically divided into departments that are overseen and controlled by a general manager, and each department has its own manager with authority over its staff. The departments work independently to support the organization's primary goal. Benefits of this type of structure include: Fostering effective communication and stable environment Providing clearly defined responsibilities and lines of authority Adapting easily to changing conditions or situations Potential disadvantages include: Limiting specialization Becoming rigid and inflexible Giving too much power to a manager • Team – based Structure In a team-based organizational structure, employees are grouped into skills-based teams to work on specific tasks while all working toward a common goal. Often, this is a flexible structure that allows employees to move from team to team as they complete projects. This structure focuses on problem-solving and employee cooperation. Benefits of this type of structure include: Helping streamline an organization's processes by breaking down silos Enabling more decision-making power with minimal management Increasing flexibility by focusing on experience instead of seniority munotes.in
Page 35
35
Organizations and
Information Systems Potential disadvantages include: Decreasing organization consistency Limiting contact with other functions Increasing potential for conflict • Circular Structure A circular organizational structure relies on hierarchy to depict higher-level employees within the inner rings of a circle and the lower-level employees along the outer rings. Seated at the center of the organization, leaders do not send orders down the chain of command, but rather outward. While many of the other structure types contain different departments that work independently with individual goals, this structure removes that strict separation and looks at the bigger picture with all departments being part of the same whole. Benefits of this type of structure include: Encouraging communication across all levels of staff Promoting free flow of information across the business Collaborating amongst departments, rather than separation Potential disadvantages include: Causing confusion over who to report to Requiring more resources and training Causing slowdown in decision-making • Process – based structure In a process-based structure, the organization is designed around the flow of its processes and how the duties performed by its employees interact with one another. Instead of flowing from top to bottom, this structure outline services from left to right. An executive at the top of the structure oversees the departments below, which represents the different processes, but each process cannot start until the one before it has finished. And each department will have its own management and team working to fulfil their duties so that the business can move onto the next task and eventually reach its ultimate goal, such as selling a product to consumers. Benefits of this type of structure include: Improving business' efficiency and speed Encouraging teamwork between departments Adapting easily to meet industry changes Potential disadvantages include: Erecting barriers, or silos, between groups Limiting communication Requiring more resources to achieve process optimization munotes.in
Page 36
36 Management Information System
36 3.2 INFORMATION SYSTEMS IN ORGANIZATIONS How does IS help in Organizations? • Seamless communication. A key component of organizational leadership and management is gathering and distributing information so that every position has the things they need to succeed in their company role. Information systems assist in disseminating information by allowing managers and other organization leaders to store data in folders and documents that can be seamlessly shared with the appropriate employees. Most information systems also allow users to communicate remotely so that no matter where an employee is, they can receive information and react accordingly. • More efficient operations management. Information systems enable organizations to collect and access recent information as well as keep a comprehensive collection of all organization data. Combined, this enables businesses to operate more efficiently as things like real time sales data offer insights into immediate customer purchases to inform better stocking or production practices. • Better record keeping. No matter what industry an organization is in, efficient record keeping is necessary. There are industry regulations that need to be adhered to and recorded proof those regulations have been adhered to. Then there is the long list of different financial records that are a component of every business. Information systems make record keeping easier, faster, and more accurate with features that enable document storage, revision histories, communication records, and other aspects of operational data. This type of record keeping is not just useful for ensuring an organization stays within the necessary regulatory and financial lines, but it also assists business leaders in preparing cost estimates and making better forecasts to understand how certain past actions influenced operations. • More informed decision making. This point bears repeating as frequently information systems are used to inform the decision-making processes that can make or break an organization. Organizations and corporate leaders need the most accurate and up-to-date information to make the best decisions for the future of their group. In addition to providing historical trends, information systems can be configured to provide real-time business information and predict future opportunities. Successful organizations, large and small, use available technology to manage their business activities and aid decision-making. They use munotes.in
Page 37
37
Organizations and
Information Systems information systems to collect data and process it according to the needs of analysts, managers, or business owners. Businesses use a variety of information systems to operate more efficiently by interacting with customers and partners, reducing costs, and generating revenue. 3.3 MANAGING INFORMATION SYSTEMS IN ORGANIZATIONS Management information systems (MIS) provide information in the form of reports and displays to managers and many business professionals. Management information system is an integrated human-machine based system. For example, sales managers may use their networked computers and Web browsers to receive instantaneous displays about the sales results of their products and access their corporate intranet for daily sales analysis reports that evaluate sales made by each salesperson. Managers and other decision makers use an MIS to request information at their networked workstations that supports their decision-making activities. This information takes the form of periodic reports, exceptions and requirements reports, and immediate responses to inquiries. Web browsers, applications, and database management software provide access to information on an organization's intranet and other operational databases. Remember that online databases are supported by transaction processing systems. Business environment data is pulled from databases on the Internet or extranets when needed. The information of MIS comes from the both internal and external source. System is an important factor of a management information system. The Management Information System provides managers with a variety of information products. These systems provide four main reporting options. • Periodic Scheduling Report. This traditional format of providing information to managers uses a predetermined format designed to provide information to managers on a regular basis. Common examples of these regular scheduled reports are daily or weekly sales analysis reports and monthly financial reports. • Exception Report. In some cases, the report is generated only when exception condition occurs, in other cases the report is generated periodically, but only contains information about these exception conditions. For example, credit manager may be provided with a report that includes only information about customers who have exceeded their credit limits. Exception reporting reduces information overload instead of overwhelming decision makers with regular detailed business activity reports. munotes.in
Page 38
38 Management Information System
38 • Request and Response Reports. Information is available whenever an administrator needs it. For example, through a web browser, DBMS query language and report generator, administrators of PC workstations can obtain immediate responses as a result of requests for necessary information, or find and receive customized reports. Therefore, managers do not have to wait for the scheduled regular report to arrive. • Send report. The information is sent to the administrator's network workstation. In organization, management information systems tools used for supporting processes, operations, intelligence, information technology etc. MIS tools are used for moving and managing information. They are the core of information management discipline. Ms produces data driven reports which helps businesses to make correct decisions in perfect time. MIS overlaps with other business disciplines but there are some differences. • Enterprise Resource Planning (ERP): this discipline ensures that all departmental systems are integrated. MIS uses all connected systems to access the data generate reports. • IT Management: this department look into the installation and maintenance of hardware and software which are the parts of the MIS. The distinction between the two has always been fuzzy. • E-commerce: this activity provides the data that will be using and generating the report which will affect the ecommerce processes further. 3.4 LIST OF REFERENCES • Management Information System, James O‘Brien, 7th edition, TMH • Introduction to Information System, James O‘Brien, George M. Marakas 15th edition, TMH, ISBN 978–0-07–337677-6 • Introduction to Management Information Systems (MIS) - MBA Knowledge Base (mbaknol.com) • Chapter 1: What Is an Information System? – Information Systems for Business and Beyond (pressbooks.com) • 5 Components of Information Systems | Britannica • Traditional Organization Structure: Definition and Differences From the Modern Organizational Structure | Indeed.com • How Do Information Systems Help Organizations Thrive? (ecpi.edu) • The Role of Management Information Systems | Smartsheet munotes.in
Page 39
39
Organizations and
Information Systems • 10 Types of Organizational Structures (With Pros and Cons) | Indeed.com • The Role of Management Information Systems | Smartsheet 3.5 QUIZ 1. Information systems support an organization's business operations, managerial decision making and strategic competitive advantage. Such system is called a) Business process reengineering b) Roles of information systems c) Globalization d) Competitive advantage 2. ________ is a graphic representation of the modules in the system and the interconnection between them. a) Structural chart b) System chart c) Flow chart d) Pie chart 3. The information of MIS comes from the boot _______ source. a) Only Internal b) Only External c) Both Internal & External d) superficial 4. _______ is an important factor of a management information system. a) Information b) Planning c) Personnel d) System 5. Management information system is __________human-machine based system. a) an integrated b) an interpreted c) an interdependent d) an independent 6. Information technology is the combination of computer science and _____. munotes.in
Page 40
40 Management Information System
40 a) electronics b) telecommunications c) digital marketing d) networking 7. How can organisational structures that are characterised by democratic and inclusive styles of management be described? a) Hierarchical b) Flat c) Functional d) Matrix 8. Functional structures help to create _____ of work task a) specialisation b) teamwork c) project work groups d) multi-skilled employees. 9. What is not a purpose of an organisational structure? a) To formalise authority b) To limit workers' rights c) To coordinate people and resources d) To organise lines of communication block group 10. Specialisation is a feature of which organisational structure? a) Matrix b) Divisional c) Multi-divisional d) Functional 11. What is I in MIS? a) Information b) Informative c) Inform d) Informa 12. Organisation establishes relationship between? a) People, work and resources b) Customer, work and resources c) People, work and management d) Customer, work and management e) munotes.in
Page 41
41
Organizations and
Information Systems 13. Organisation is a process of A: Identifying and grouping of work to be performed B: Defining and delegating the responsibility and authority a) Only A b) Only B c) Both A & B d) Neither A nor B 14. Responsibility always flows from_____ A: Superior to subordinate B: Subordinate to superior a) Only A b) Only B c) Both A & B d) Neither A nor B 15. Authority always flows from_____ A: Superior to subordinate B: Subordinate to superior a) Only A b) Only B c) Both A & B d) Neither A nor B 16. The following is not a type of organisation structure _____. a) Line organisation b) Functional organisation c) Line and staff organisation d) Flexible organisation 17. The following is also known as Military organisation. a) Line organisation b) Functional organisation c) Circular organisation d) Flexible organisation 18. A credit manager may be provided with a report that includes only information about customers who have exceeded their credit limits. This is an example of ______ report. munotes.in
Page 42
42 Management Information System
42 a) exception b) send c) periodic scheduling d) request and response 19. Daily or weekly sales analysis reports and monthly financial reports are an example of ______ report. a) exception b) send c) periodic scheduling d) request and response 20. When a DBMS query is fired to retrieve information on demand then it can act as an example of ______ report. a) exception b) send c) periodic scheduling d) request and response 3.6 EXERCISE 1. What is IS? 2. Explain components of IS. 3. What is MIS? 4. Explain objectives and characteristics of MIS. 5. Short note on modern organization. 6. How does IS help in Organizations? 7. Explain in detail about the types of modern organizational structures. 8. Short note on • Matrix organizational structure • Flat organizational structure • Process – based organizational structure • Team -based organizational structure • Functional organizational structure • Circular organizational structure 9. What are the types of reports in MIS? munotes.in
Page 43
43
Organizations and
Information Systems 3.7 VIDEO LINKS 1. (2261) Introduction to Information Systems - YouTube 2. (2261) Components of Information System - YouTube 3. (2261) Functions and Characteristics of Management Information System in hindi - YouTube 4. (2261) Modern and Traditional Organizations #DrNix - YouTube 5. (2261) Organisation Structure - YouTube 6. (2261) Types of Organizational Structures - YouTube 7. (2261) Basic Kinds of Management Information System (MIS) Reports - YouTube munotes.in
Page 44
4 CONCEPTS OF MANAGEMENT INFORMATION SYSTEMS Unit Structure 4.0 Data and Information 4.1 Information as a Resource 4.2 Information in Organisational Functions 4.3 Types of Information Technology 4.4 Types of Information Systems 4.5 Decision Making with MIS 4.6 Communication in Organizations 4.7 Self-Learning Topics: Case Study: Management Issues- Challenges for Managers 4.8 List of References 4.9 Quiz 4.10 Exercise 4.11 Video Links The applicability of Management Information Systems (MIS) has evolved over a period of time comprising many different facets of the organizational function. MIS is a need in all the organizations. The initial concept of MIS was processing available data available in the organization and present it in the form of reports at regular time intervals. The system was largely capable of handling the data from collection to processing. It was more impersonal, requiring each individual to pick and choose the processed data and use it according to the requirements. This concept was further modified when a distinction was made between data and information. 4.0 DATA AND INFORMATION Information is the product of data analysis. This concept is analogous to raw materials and finished products. However, data can be analysed in different ways, creating different shades and characteristics of information as a product. Therefore, the concept of the system should be human-centric, as different people may have different orientations to information. This concept has been modified so that the system should present information in a format and format that influences the user and triggers a decision or investigation. It was later realized then even though such an impact was a munotes.in
Page 45
45
Concepts of Management
Information Systems welcome modification, some sort of selective approach was necessary in analysis and reporting. Hence, the concept of exception reporting was imbibed in MIS. The norm for an exception was necessary to evolve in the organization. The concept remained valid till and to the extent that the norm for an exception remained true and effective. Since the environment turns competitive and is ever changing, fixation of the norm for an exception becomes a futile exercise at least for the people in the higher echelons of the organization. Then the concept was developed that the system should be able to handle demand-based exception reports. This need can be an individual or a group of people. This required storing all the data together in a format that anyone could access and process as needed. The concept is that the data is the same, but different people see it differently. Data can be defined as groups of non-random symbols (words, values, numbers) that represent things that have happened. Data is data obtained by observation or research and recorded. Often these are referred to as raw data or master data and are often records of an organization's day-to-day transactions. Eg; date, amount and other details of a bill or check, details of a person's payroll, national insurance and taxes, leaving machines or shifts, number of vehicles passing a road monitoring point sets, etc. Data comes from both external and internal sources, and while most external data is in a concrete, easy-to-use form — for example, bank statements, purchase invoices — activities Internally, proper measurement and recording requirements are developed and maintained in order for the data to be recorded. Most cost accounting, inventory control, production control, and similar systems would fall into the latter category. Information is data that has been interpreted and understood by the recipient of the message. It should be noted that the user, not just the sender, is involved in the transformation of data into information. There is a thought process and understanding involved and whereby a given message can have different meanings to different people. It also follows that data that has been analysed, summarized or otherwise processed to produce a message or report that would normally be considered management information will not become information unless get understood. It is the user who determines whether a report contains information or only processed data. Accordingly, it is essential that the producer of reports and messages of all types know the requirements of the user, background, position in the organization, knowledge (or not) of language and mathematics and the context in which the message will be used to increase the likelihood that information will be drawn from the message. In a nutshell, information is the knowledge and understanding of the recipient. It reduces uncertainty and has unexpected value. If a message or report does not have these attributes, as far as the recipient is concerned, it munotes.in
Page 46
46 Management Information System
46 contains only data, not information. This is a crucial point that is not always understood by information professionals. Characteristics of data • They are data obtained by reading, observing, counting, measuring and weighing etc. then recorded • Data comes from external and internal sources (activities with the company). • Data can be generated as an automated by-product of a process but essential operations such as invoice production or otherwise must enter a special counting or measurement process and record the results. • The data source needs considerable attention because if the data source fails, any resulting information will be worthless. Characteristics of information • Relevance: The information should be related to the issue under consideration. Often reports, news, tables, etc. contain irrelevant parts that prevent the user of the information from understanding the true meaning of what the sender wants. • Accuracy: Information must be trusted by the administrator and accurate enough for the intended purpose. • Integrity: Ideally, all the information needed to make a decision should be available. However, in practice this is often not possible. The information related to the key elements of the problem needs to be complete. This suggests that there needs to be an interaction between the information provider and the user to ensure that the key elements are identified. • Trust in Sources: In order for information to be valuable, it must be used. To use the manager must trust the source. Improves reliability data processing output • The source was reliable in the past • There is good communication between the information producer and the manager. • Communicating with the Right People: Everyone has a defined area of activity and responsibility and needs to receive information that helps them perform their assigned tasks. In reality, this is not as easy as it sounds 4.1 INFORMATION AS A RESOURCE Information is knowledge derived from facts placed in the appropriate context to reduce uncertainty from the manager's perspective, and munotes.in
Page 47
47
Concepts of Management
Information Systems information helps reduce uncertainty about alternative behavioural policies in the decision-making process. Information is a value-added resource. Just as value is added to a product as it moves from raw material stage to final product, the same is true of conversion of data into information. Information has a specific cost associated with it just as if it were acquired from market. Therefore, obtaining and using information effectively is as essential as any other resource. The availability of information about alternatives increases your chances of making the right decision. Information is considered one of the most important corporate resources. This is a source of competitiveness as it allows management to beat competitors at critical stages. Both internal and external data sources contribute in journey from data to information and hence it helps in major decision making or strategy building. It acts as major resource in analytical processing to generate insights and reports. 4.2 INFORMATION IN ORGANISATIONAL FUNCTIONS Its role is to support key aspects of running an organization, such as communication, record keeping, decision making, data analysis, and more. Companies use this information to improve business operations, make strategic decisions, and gain competitive advantage. Management using information systems has greater potential if such systems are technology-aware. This technology not only speeds up the processing, storage and retrieval of data, but also brings a lot of flexibility to the system by introducing various options that facilitate end-user tasks. For example, in a manual system, monthly sales information can only be created in paper format. It will be delivered to the marketing manager on paper. This means that you won't get monthly revenue information while traveling, but technology-based information systems will allow marketing managers' mobile computing devices to get monthly revenue-related information, even via mobile communications technology. This way it makes job much easier. These types of options are possible when technology is used. They affect both the quality of information and the delivery of information, providing users (managers) with a wide range of options. The information is intended to be shared by all those involved in the achievement of the company's common goals and, in turn, they contribute to the company's stock of information. Information has various security risks. Therefore, it must be protected by implementing appropriate security policies and procedures that do not impede the seamless flow between its users. Most information is organization-specific and its value depends on its use by decision-makers. munotes.in
Page 48
48 Management Information System
48 It has a high obsolescence rate and therefore needs to reach users as soon as possible. The excess of this resource must be removed from the total information repository. Following are few ways in which information is used in organization: • Business Process Support: Treat the input as a request from the customer and the output as a service to the customer. Supports current operations and uses the system to affect subsequent operations. • Supporting the operation of the business organization: IS supports the operation of the business organization through timely information provision, maintenance and improvement. This gives your organization more operational flexibility. • Decision Support: IS supports the decision making of employees in their day-to-day operations. It also helps managers make decisions to achieve their organization's goals and objectives. A variety of mathematical models and IT tools are used to develop strategies to meet competitive requirements. • Organizational Strategy: Today, all companies are entering the competitive market. IS supports organizations in developing appropriate strategies to help companies survive in the competitive environment. The role of information in decision making cannot be exaggerated. Effective decisions require accurate and timely and related information. MIS provides the accurate and timely information of needed to facilitate the decision-making process and enables organizations to effectively execute planning, control and operational functions. 4.3 TYPES OF INFORMATION TECHNOLOGY Information technology is a broad set of technologies/technology disciplines such as computer science and engineering, telecommunications, electronics, etc., that contribute to the management of information. Information technology ensures faster and more accurate data processing so that the right information can be delivered to the right people at the right time with greater efficiency. Information technology helps information systems bring more value to management through the intervention of technology not only in the field of communication but also in providing information, visualization, communication and ease. access. There are various types of information technology used in business, few of them are mentioned below: • Computers Computers are used in some businesses. They are equipped with software that allows them to perform all sorts of tasks: Analysing financial information, sending and receiving emails, and designing sales presentations. This computer is designed as a desktop device or munotes.in
Page 49
49
Concepts of Management
Information Systems mobile laptop for use in the office or travel. PCs (personal computers) running Microsoft Windows are the most commonly used. Macintosh computers running the Apple operating system are also used, but are primarily used by professionals. Computers are essential to enable businesses to manage their daily activities more productively and efficiently. • Software Computers use different types of programs and operational information called software to perform specific tasks. Companies use productivity tools such as Microsoft Word, a word processing package, and Microsoft Excel, a financial spreadsheet system. Microsoft PowerPoint and Apple Keynote are also used to quickly and easily create professional-looking sales presentations. Companies use specific software that suits their needs. ● Networking Networking is used to interact with groups of people, share information and documents, store information, and communicate via email. You can also share printers and storage devices on your computer. The network can be limited to computers in the office or connected to multiple offices. Networking is essential to your business as it provides a way to build relationships with others in relevant areas to find and grow new customers and partnerships. ● Telephone Communication Communication is the key to building business relationships. For this reason, businesses use some type of telephone system to communicate with their customers and organizations. This provides a fast and efficient personal connection with other users. Good customer service with customers and effective communication with employees will ultimately help build and grow your business's reputation. Currently, there are business telephone systems with various functions to meet the needs of companies. Voice over internet protocol, Voice over IP, is very popular and allows users to make calls over the internet instead of traditional analog phone systems. ● Accounting System Accounting System is software that allows businesses to manage their expenses and income. Quickbooks are most commonly used by small businesses. It is easy to set up and maintain. Large enterprises, on the other hand, use SAP Business One or Sage Accpac to enhance customization and integration with other systems. The choice of the right accounting system depends on the size and needs of your business. Before making a decision, it's a good idea to consult an accountant to review your options. munotes.in
Page 50
50 Management Information System
50 ● Inventory Management System The Warehouse Management System is used to manage all of the company's inventory. It accurately tracks items, including quantity in stock, updates the system when new stock arrives and is sold, and keeps accurate records. Companies need an appropriate and organized inventory management system to maintain the proper balance of items in their inventory, understand their inventory, and check their finances. 4.4 TYPES OF INFORMATION SYSTEMS An information system is a system-based concept that focuses on transactions, events, and data. It is the systematic process involved in collecting, storing, processing, retrieving and disseminating information, ensuring the repeatability of the delivery of good quality information within an organization. Types of information systems are as follows: Transaction Processing System The Transaction Processing System (TPS) performs data collection, storage, processing, and output functions for essential business operations. The TPS information system collects data from user input and then generates an output based on the collected data. An example of a TPS system is an online airline reservation system. In such a system, the traveller selects (enters) a flight itinerary and favourite places, and the system updates (processes) the list of available places by deleting the traveller’s selection. The system then creates a copy (output) of the invoice and ticket. TPS information systems can be based on real-time processing or batch processing and can help business owners meet demand without hiring additional staff. Customer Relationship Management System Business owners use customer relationship management (CRM) systems to synchronize their sales and marketing activities. CRM systems accumulate and track customer activity, including shopping trends, product defects, and customer inquiries. The capabilities of a typical CRM information system allow customers to interact with your company to get feedback about your service or product and to solve problems. Businesses may also use CRM systems within their premises as a component of their collaboration strategy. Thus, a CRM information system allows business partners to interact with each other in the development of ideas and products. Even if your business partners are remote, you can collaborate in real time. Business Intelligence Systems Business intelligence systems (BIS) can be complex as they identify, extract and analyse data for various operational needs, particularly for decision munotes.in
Page 51
51
Concepts of Management
Information Systems making purposes. BIS information systems may provide analyses that predict future sales patterns, summarize current costs and forecast sales revenues, they perform ETL processes. Business intelligence systems collect data from the various data warehouses in an organization and provide management with analyses according to lines of business, department or any breakdown that management desires. For example, financial institutions use BIS systems to develop credit risk models that analyse the number and extent of lending or credit given to various sectors. These systems may use various techniques and formulas to determine the probability of loan defaults. Knowledge Management Systems Knowledge Management Systems (KMS) organize and analyse knowledge and then redistribute or share it with individuals in an organization. The purpose of these information systems is to innovate, increase productivity, integrate and preserve knowledge within organizations. Although KMS information systems are typically sold to large enterprises, small businesses can also benefit from knowledge gathering. The KMS Information System acts as a central repository and stores information in a standard format. These systems allow business owners to remain consistent and respond quickly to customer and partner requests. Management Information System Small business managers and owners rely on an industry specific management information system, or MIS, to get current and historical operational performance data, such as sales and inventories data. Periodically, the MIS can create prescheduled reports, which company management can use in strategic, tactical and operational planning and operations. For example, an MIS report may be a pie chart that illustrates product sales volume by territory or a graph that illustrates the percentage increase or decrease in a product's sales over time. Small business managers and owners also rely on the MIS to conduct “whatif” ad hoc analyses. For example, a manager might use the system to determine the potential effect on shipping schedules if monthly sales doubled. Decision Support System A decision support system, or DSS, allows small business managers and owners to use predefined or ad hoc reports to support operations planning and problem resolution decisions. With DSS, users find answers to specific questions as a means to evaluate the possible impact of a decision before it is implemented. The answers to queries may take the form of a data summary report, such as a product revenue by quarter sales report. To conduct an analysis, business owners and managers use an interface – a dashboard – to select a particular graphic representation of a key performance indicator that measures the progress toward meeting a specific munotes.in
Page 52
52 Management Information System
52 goal. For example, a manufacturing dashboard might display a graphic representing the number of products manufactured on a particular line. Executive Support System The executive support system, or ESS, contains predefined reports that help small business owners and managers identify long term trends in support of strategic planning and nonroutine decision making. System users click on any icon displayed on the ESS screen and enter report criteria to view individual predefined reports and graphs, which are based on companywide and functional department data, such as sales, scheduling and cost accounting. The ESS reports brief the business manager or owner on an issue, such as market trends and buyer preferences. The ESS system also offers analysis tools used to predict outcomes, assess performance and calculate statistics based on existing data. 4.5 DECISION MAKING WITH MIS A simple view of decision making is that it is a problem of choice among several alternatives. A complete scenario includes a search for opportunities for decisions. A company's manager may face a choice of with clear choices (for example, choosing a supplier from among existing suppliers). She may also face the problem of designing a creative decision option (for example, how to sell a new product to maximize the port). Finally, she is unresponsive and can see decision problems as an opportunity to be discovered by studying the business of the company and its environment (for example, how she clarifies the production process). There is plenty of anecdotal and empirical evidence that determines the final quality of a decision, structuring the decision problem and identifying creative decision options. The decision support system is primarily aimed at this widest type of decision making, and in addition to decision support in system modelling and analysis. By depending on the scope decision making is divided into two broad categories. The decision-making process can be planned in advance. Programmed decisions: These are decisions made using standard rules, procedures, or quantitative methods. They are often referred to as "rules of thumb," are commonly accepted guidelines or procedures that usually lead to a good decision. To make a programmed decision, the decision maker uses the performance program. This is the standard sequence of actions that members of an organization routinely follow when they encounter a particular type of problem or opportunity. For example, warehouse management decision, machine loading decision, plan, etc. Unprogrammed decision: This type decision handles anomalous or exceptional situations. They are the decisions made in response to the new issues and opportunities. This type of decision contains a high level of uncertainty and cannot be delegated to a low level and can affect things. But always affects people. Examples: merger, acquisition of, launch of new munotes.in
Page 53
53
Concepts of Management
Information Systems product, staffing, etc. Whether the decision is programmatic or non-programmatic, the relies heavily on input from the management information system. Good decision-making option guarantees viable decisions in organization. MIS gives administrators quick access to information. This may include interaction with other decision support systems, information requests, cross-references of external information, and potential data mining techniques. In another example, MIS is also said to have revolutionized the decision-making process through an automated system. Such system administrators are no longer dependent on the 24-hour service worker, and instead the machine is said to be programmed to do the routine decisions on behalf of people. Decision and MIS The development of information and communication technology as a change in social structure has also influenced the decision-making tasks of manager. Many organizations are preparing for effective and efficient use of the new Information and Communication technology. Information and Communications technology has two advantages for organizations. First, makes it easy for organizations and administrators to collect data. This further supports decision-making process. Second, telecommunications technology enables organizations to better operate and make effective decisions in a globally competitive environment. Information and Communication technology improves the quality of decision making, an important element for an organization. Causes dramatic changes at the level of the organization. This includes the leadership and strategy of the organization, as well as the actions of the members of the. Information and communication technology has become an integral part of the decision-making process of organizations, and managers at all levels are increasingly receiving support from information and communication technology. Modern information and communication technology is definitely an information management system that offers services in many areas. Information and Communication Technology allows you to collect, analyse, and evaluate data, send it from one point to another, and instantly access information. Reduce costs, increase productivity, carefully improve adjustments, lead times and controls. It leads to better service. Undoubtedly, management has been essential for humans since the last many years. Looking at the various management activities, it is clear that the essence of all management activities is decision making. Decision making is an integral part of management. Management is very smart for all tasks. It determines your organization's policies and development goals for. Organizational design, selection, evaluation and management practices, and decision making in all formats are one of the most important pillars. In a simple definition, the decision is to choose a path between different paths. MIS is useful in the area of decision making as it can monitor by itself disturbances in a system, determine a course of action and take action to get munotes.in
Page 54
54 Management Information System
54 the system in control. It is also relevant in nonprogrammer decisions as it provides support by supplying information for the search, the analysis, the evaluation and the choice and implementation process of decision making. MIS is an organization-a great effort to provide information about the decision-making process. This system is a formal commitment by managers to make computer available to all managers. MIS sets the stage for achievements in other areas: DSS, virtual offices, and knowledge base systems. The main idea behind MIS is to maintain a continuous supply of information for management. Next, a decision is made based on the data and information collected from MIS. MIS may be viewed as a mean for transformation of data, which are used as information in decision-making processes. MIS also plays an important role in offering a wide range of optimized options that allow decision makers to make priorities. This guarantees that, whatever choices are made by decision makers, the outcome, more often than not, becomes positive. 4.6 COMMUNICATION IN ORGANIZATIONS Communication and management are inextricably linked. Communication is the process of exchanging information between two or more people. The role of planning, organizing, teaching, and managing management depends on effective communication. The administrator must be able to receive accurate information in order to make a plan and send accurate information about the plan to be implemented. When information is sent and received correctly, you can notify everyone in your organization. However, if the information is misinterpreted or disseminated, communication can cause serious problems for the organization. We can say that “effective communication is a building block of successful organizations”. In other words, communication acts as organizational blood. The communication process model is basic mechanism of information flow in an organisation. The communication process may seem simple: one person sends a message and others receive it. The process becomes more complex, however, because the information in the message must be sent and received accurately. The communication-process model describes how the information is sent and received.
The communication process model
munotes.in
Page 55
55
Concepts of Management
Information Systems The easiest way to understand a model is when one person is communicating with another. The sender, who initiates the communication, has information that other recipients need to know. However, the information must be encoded in a format before it can be sent. In simple cases, the information is put into the words spoken to the recipient. Alternatively, you can convert the information into printed text, tables, charts, or graphs and provide it to your recipients. In more complex cases, the information is encoded into words or images and then converted into electronic signals that are sent to the recipient. A channel is the medium through which information is transmitted. It can be air carrying sound waves, paper carrying text or images, or wires or magnetic fields carrying electronic signals. In the opening example, management had information about when Matthias was hired and started. They wanted employees of the company to have this information, so they put it in a message and sent it to them. Recipient reverses the process. Recipient receives an encrypted message and decrypts it. That is, it transforms the message back into understandable information. In the first example, the employee reads the message and knows who is hired and when to start. The role of the manager is to achieve the goals of the organization. To do this, the manager creates a plan that defines what needs to be done, when to do it, and how to do it. To implement the plan, managers need to share this information with everyone in the organization. In other words, you need to communicate your plan to the members of your organization. However, managers do more than just educate people about what they need to do to support their plans. You also need to support your plans, build commitments to your organization, build trust and collaboration, and motivate people to inform everyone about events and actions that affect your organization. Good communication not only provides information, but also helps create a culture in which people feel they belong and want to support their organization. Below are some of the benefits of effective communication. • Guarantee clarity. Confusion, uncertainty, and ambiguity make people uncomfortable and uncooperative. Clear roles, responsibilities, and relationships give everyone the information they need to work and understand their contributions to the organization. Effective communication reduces costs associated with conflicts, misunderstandings and mistakes. • Build a relationship. A culture that promotes open communication eases tensions between employee levels, both professionally and socially. In a credible and collaborative culture, people are more likely to seek help with a problem and suggest solutions or improvements. Effective communication creates a communal culture that promotes teamwork and collaboration. • Obligation created. Effective communication involves not only sending but also receiving information. Managers can add value to everyone in the organization by listening to employee concerns, munotes.in
Page 56
56 Management Information System
56 giving opinions about their work and workplace, and considering suggestions. When employees value an organization, they can be more aggressive and motivated. Effective communication creates support and engagement. • Define expectations. If you don't know what you're expecting and how you're being evaluated, you can't work well. 4.7 SELF LEARNING TOPICS: CASE STUDY: MANAGEMENT ISSUES- CHALLENGES FOR MANAGERS ● Requirement of a skilled staff For a management information system to function optimally, a business organization needs professionals who are not only business savvy but also have excellent technical know-how. This is because businessmen can get the most out of MIS only if they know the technology of MIS. Moreover, finding such a qualified professional is not an easy task for a company. Therefore, the need for qualified personnel is one of the biggest challenges for management information systems. ● Finding and Retaining Talented Professionals Finding and Retaining Talented Professionals is certainly a big challenge, but maintaining the same talent is even bigger. This is because business technology is advancing at a very fast pace. This leads to the development of new opportunities for IT professionals. These fascinating opportunities often divert talent from moving from one management company to another. Therefore, it is difficult for most companies to find and maintain a MIS specialist who can properly manage their management information systems. ● Adapting to the ever-changing world of business technology As mentioned earlier, business technology advances are occurring at a very fast pace. To stay ahead of the competition in the competitive environment of the enterprise sector, enterprise organizations need to adopt these advances on a regular basis. This means that you need to continually migrate from your current management information system to an updated version or another better MIS. During this transition, business organizations will need to make additional efforts to support their employees in adapting to changes, which is not an easy task. In fact, it can sometimes be really frustrating for employees to reprogram their minds in response to the latest advances in management information systems. In summary, it is a challenge for business organizations to keep up with the ever-changing world of business technology. munotes.in
Page 57
57
Concepts of Management
Information Systems ● Developing and Implementing the Right Strategy The right data plays a key role in the success of your business, and managed information systems help organizations collect data across their networks. However, it is often not easy to process and correctly interpret the vast amount of data collected. This makes it difficult for management to use the data to develop and implement appropriate strategies that can support the growth of the organization. Therefore, enterprise organizations have to spend a great deal of effort to fully interpret the data, which is a very difficult task. 4.8 LIST OF REFERENCES • Management Information Systems- A global digital Enterprise perspective, 5th • edition - By W.S.Jawdekar, TMG Publications • Management Information System, James O‘Brien, 7th edition, TMH • Management Information Systems, Loudon and Loudon, 11th edition, Pearson. • C. W. Frenzel and J. C. Frenzel, 2004. “Management of Information Technology”, 4th edition Thomson course technology, Cengage Learning. • Difference between Data and Information | MIS (businessmanagementideas.com) • Types of Information Systems in an Organization (chron.com) • Concept of Management Information Systems (MIS) - MBA Knowledge Base (mbaknol.com) • The Concept of Information as a Resource - Computer Notes (ecomputernotes.com) • 6 Most Important Features of Information as a Corporate Resource (yourarticlelibrary.com) • Journal of Management Research and Analysis, January – March 2015, Decision Making Based On Management Information System And Decision Support System by Ghaffarzadeh S. A. M. • Communication and Management | Principles of Management (lumenlearning.com) • Importance of Communication in an Organization (managementstudyguide.com) • The 7 Most Common Types of Business Technology – Zimega Technology Solutions- IT Support for Your Business (zimegats.com) munotes.in
Page 58
58 Management Information System
58 4.9 QUIZ 1. The current major stage in the business use of IS is oriented towards ______________. a) Cost reduction and productivity b) Gaining competitive advantage c) Strategic advantage and costs d) Improved customer relationship management 2. Which of the following statements, about the use of decision support systems, is true? a) They are applied only to the choice phase of the problem-solving process. b) They are only applied to frequent, recurring problems. c) They are only applied to highly-structured problems d) They assist decision makers at all levels within the organization. 3. ______________ often referred to as "rules of thumb," are commonly accepted guidelines or procedures that usually lead to a good decision. a) Optimization models b) Satisficing models c) Heuristics d) Programmed decisions 4. ______________ represent(s) the application of information concepts and technology to routine, repetitive, and usually ordinary business transactions a) E-commerce b) Transaction processing systems c) Management information systems d) Decision support systems 5. ______________ system is concerned with the way information is used for purpose of control and applies technologies. a) Feedback b) Interview c) Interaction d) Conference munotes.in
Page 59
59
Concepts of Management
Information Systems 6. In a company ______________ is the centre which consists of all processing activities. a) Production b) Data c) Information d) Sales 7. ______________ models to analysis a problem and provides possible solution for management evaluation a) Decision. b) Standard. c) Structural. d) Periodic. 8. _____ information systems may provide analyses that predict future sales patterns, summarize current costs and forecast sales revenues, they perform ETL processes. a) BIS b) KMS c) TPS d) CRM 9. Which of the following is NOT a goal of transaction processing systems? a) Capture, process, and store transactions b) Produce a variety of documents related to routine business activities c) Reduce manual effort associated with processing business transactions d) Produce standard reports used for management decision making 10. __________ ensures faster and more accurate data processing so that the right information can be delivered to the right people at the right time with greater efficiency. a) Information technology b) Science and technology c) Communication technology d) Computer technology munotes.in
Page 60
60 Management Information System
60 11. The ______ acts as a central repository and stores information in a standard format. a) KMS b) TPS c) CRM d) BIS 12. _________ is an integral part of management. a) Decision making b) Feedback c) Managers d) Employees 13. _________ contains predefined reports that help small business owners and managers identify long term trends in support of strategic planning and nonroutine decision making. a) Executive Support System b) Customer Relationship Management System c) Business Intelligence System d) Decision Support System 14. A _____ is the medium through which information is transmitted. a) input b) mode c) channel d) connector 15. Recipient receives an encrypted message and ____ it. a) opens b) encrypts c) decrypts d) access 16. ___________ acts as organizational blood a) capital b) communication c) employee d) management munotes.in
Page 61
61
Concepts of Management
Information Systems 17. Which of the following is the correct sequence of Communication process model? a) Sender>Encoding> Channel>Decoding>Receiver>Feedback b) Sender>Decoding>Channel>Encoding>Receiver>Feedback c) Sender>Encoding>Feedback>Channel>Decoding>Receiver d) Receiver>Encoding>Channel>Decoding>Sender>Feedback 18. __________ is software that allows businesses to manage their expenses and income. a) Accounting System b) Networking System c) Inventory System d) Telecommunication System 19. _________ are most commonly used by small businesses. a) Quickbooks b) Slowbooks c) Macbooks d) Blackbooks 20. ________ systems accumulate and track customer activity, including shopping trends, product defects, and customer inquiries? a) CRM b) KMS c) DSS d) TPS 4.10 EXERCISE 1. What is data and information? 2. What are the characteristics of data and information? 3. Short note on Information as a resource. 4. List and explain types of information technologies used in business. 5. What are types of information systems? 6. What are the ways in which information is used in organization? munotes.in
Page 62
62 Management Information System
62 7. Explain decision making in MIS. 8. Explain basic types of decisions. 9. Describe communication process model with neat diagram. 10. What are the benefits of effective communication? 11. What are the challenges faced by managers? 4.11 VIDEO LINKS 1. INFORMATION | DATA vs INFORMATION | DATA COLLECTION METHODS | MANAGEMENT INFORMATION SYSTEM - YouTube 2. (2277) Characteristics of Information in Hindi | Information Characteristics | Techmoodly - YouTube 3. (2277) Transaction Processing System (TPS) (in hIndi)- Introduction, Types, Roles, Features, - YouTube 4. Decision Support System | Intro | Types | Benefits | Artificial Intelligence | KBES | MIS - YouTube 5. (2277) Management Information System | Unit 2 | Planning | Corporate Planning | Decision Making | CCS - YouTube 6. (2277) Role of Management Information System | MIS and Management Efficiency | Study at Home with me - YouTube 7. MIS 4 IS Opportunities and Challenges - YouTube munotes.in
Page 63
63 5 DECISION SUPPORT SYSTEM(DSS) Unit Structure 5.0 Objectives: 5.1. Introduction to Decision Support System 5.1.1 A brief history of Decision Support Systems 5.1.2 Components of a Decision Support System 5.1.3 Types of Decision Support System 5.1.4 Data-driven 5.1.5 Model-driven 5.1.6 Knowledge-driven 5.1.7 Communication -driven 5.1.8 Advantages of DSS 5.1.9 Disadvantages of DSS 5.2. Introduction of Group Decision Support System. 5.2.1 What is GDSS ? 5.2.2 Advantages of GDSS : 5.2.3 Disadvantages of GDSS : 5.2.4 Features of Group Decision Support System (GDSS): 5.2.5 Components of Group Decision Support System (GDSS) : 5.3 Knowledge Based Expert System 5.3.1 History of KBS 5.3.2 How does it work? 5.3.3 Components of a KBS 5.3.4 Types of knowledge-based systems 5.3.5 Advantages of KBS 5.3.6 Disadvantages of KBS 5.3.7 Challenges of knowledge-based systems 5.4 Summary 5.5 References for further reading. munotes.in
Page 64
64 Management Information System
64 5.0 OBJECTIVES: This chapter will make the readers understand the following concepts: • Concept of decision support system • History of DSS • Understand components of DSS • Different types of DSS • Knowledge based DSS • Concept Of KBS • Components of KBS • Design approach of KBS 5.1. INTRODUCTION TO DECISION SUPPORT SYSTEM As organizations grow, they usually have multiple data sources that store different kinds of information. The data that is present within various sources in the organization can provide meaningful insights to the business users if analysed in a proper way and can assist in making data as a strategic tool leading to improvement of processes. A decision support system (DSS) is an information system that aids a business in decision-making activities that require judgment, determination, and a sequence of actions. The information system assists the mid- and high-level management of an organization by analyzing huge volumes of unstructured data and accumulating information that can help to solve problems and help in decision-making. A DSS is either human-powered, automated, or a combination of both. Broadly speaking, a decision support system (DSS) is an analytics software program used to gather and analyze data to inform decision making. There are many different types of decision support systems, from modern business intelligence which uses AI and machine learning to suggest insights and analyses for humans to perform, to model-based DSS systems which use predefined criteria to perform automated calculations and deliver best-case decisions. For all types, DSS is used in timely problem solving to improve efficiency and streamline operations, planning and company management. A decision support system produces detailed information reports by gathering and analyzing data. Hence, a DSS is different from a normal operations application, whose goal is to collect data and not analyze it. In an organization, a DSS is used by the planning departments – such as the operations department – which collects data and creates a report that can be used by managers for decision-making. Mainly, a DSS is used in sales projection, for inventory and operations-related data, and to present information to customers in an easy-to-understand manner. munotes.in
Page 65
65
Decision Support
System(DSS) Theoretically, a DSS can be employed in various knowledge domains from an organization to forest management and the medical field. One of the main applications of a DSS in an organization is real-time reporting. It can be very helpful for organizations that take part in just-in-time (JIT) inventory management. In a JIT inventory system, the organization requires real-time data of their inventory levels to place orders “just in time” to prevent delays in production and cause a negative domino effect. Therefore, a DSS is more tailored to the individual or organization making the decision than a traditional system. 5.1.1 A brief history of Decision Support Systems Decision Support Systems have evolved over the past three decades from simple model-oriented systems to advanced multi-function entities. During the 1960’s, most Decision Support Systems were fairly based on powerful (and expensive) mainframe computers which provided managers with structured, periodic reports. MIS theory developments during the 1970’s saw Decision Support Systems evolve into more elaborate computer-based systems that supported production, promotion, pricing, marketing and some logistical functions. By early 1980’s Decision Support Systems enjoyed more interests from academics and the framework for Decision Support Systems was greatly expanded by the end of the decade. It was only during the 1990’s that a paradigm shift occurred in Decision Support Systems and more complex systems, which incorporated, advanced database technology and client/server capabilities, were emerging from many areas in business processes. As many organizations started to upgrade their network infrastructure, object oriented technology and data warehousing started to make its mark on Decision Support Systems. The rapid expansion of the Internet provided additional opportunities for the scope of Decision Support Systems and consequently many new innovative systems such as OLAP and other web-drive systems were developed. 5.1.2 Components of a Decision Support System The three main components of a DSS framework are: 1. Model Management System The model management system S=stores models that managers can use in their decision-making. The models are used in decision-making regarding the financial health of the organization and forecasting demand for a good or service. 2. User Interface The user interface includes tools that help the end-user of a DSS to navigate through the system. 3. Knowledge Base The knowledge base includes information from internal sources (information collected in a transaction process system) and external sources (newspapers and online databases). munotes.in
Page 66
66 Management Information System
66 In nutshell Components of DSS can be categorized as: 1. Inputs: Records, Data factors, numbers, and characteristics for analyzing. 2. User Knowledge and Expertise: To run the proper functioning and provide inputs, the user must know how to use the system. 3. User Interface: DSS should support model construction and model analysis by providing a well-structured user interface. 4. Decisions: Based on user requirements, results are generated by the Decision Support System. 5.1.3 Types of Decision Support System There are various types of decision support system, which are classified as:
5.1.4 Data-driven Data-driven DSS refers to a category or type of Decision Support System that emphasizes access to and manipulation of a time-series of internal company data and sometimes external data. Simple file systems accessed by query and retrieval tools provide the most elementary level of functionality.
munotes.in
Page 67
67
Decision Support
System(DSS) Decision Support System includes file drawer systems, data analytics systems, analytical information systems, data storage systems and emphasizes access and manipulation of large structured data databases. Examples: chats and instant messaging software’s, online collaboration and net-meeting systems. Most data-driven DSSs are targeted at managers, staff and also product/service suppliers. It is used to query a database or data warehouse to seek specific answers for specific purposes. 5.1.5 Model-driven Decision Support System model comes from a variety of fields or specialties and could include accounting models, financial models, representative models, optimization models, etc. n some decision situations, quantitative models embedded in a Decision Support System (DSS) can help managers make better decisions. Model-driven DSS use algebraic, decision analytic, financial, simulation, and optimization models to provide decision support. This category of DSS is continuing to evolve, but research can resolve a variety of behavioral and technical issues that impact system performance, acceptance and adoption. This article includes a brief survey of prior research. It focuses on model-driven DSS built using decision analysis, optimization, and simulation technologies; implementation using spreadsheet and web technologies; issues associated with the user interface; and behavioral and technical research questions. Model-driven DSS can be used to aid decision making in a variety of situations. It can assist managers in making: • Credit and lending decisions • Product demand forecasting • Budgeting decisions • Marketing decisions • Production forecasting decisions • Resource allocation decisions • Project planning • Investment decisions 5.1.6 Knowledge-driven This Knowledge-driven focuses on knowledge and advise managers to take action on the basis of a certain knowledge base analysis. Predefined facts, Stored procedures, rules, and limitations are also referred to solve problems. It also has special expertise in problem-solving and is closely associated with data mining. Knowledge-Driven DSS can suggest or recommend actions to managers. These DSS are person-computer systems with specialized problem-solving expertise. The "expertise" consists of knowledge about a particular domain, understanding of problems within that domain, and "skill" at solving some munotes.in
Page 68
68 Management Information System
68 of these problems. A related concept is Data Mining. It refers to a class of analytical applications that search for hidden patterns in a database. Data mining is the process of sifting through large amounts of data to produce data content relationships. Tools used for building Knowledge-Driven DSS are sometimes called Intelligent Decision Support methods (cf., Dhar and Stein, 1997). 5.1.7. Communication -driven Globalization has not only expanded the product markets. It has also made organizations geographically more dispersed. Therefore, the way the business is done and decisions are made has also changed significantly. Collaborative decision-making has become more valuable than ever. This is why there is an increased emphasis on developing and implementing communications-driven group decision support systems. Decision making, in the current business environment, is a collaborative process with participation from in-house and remotely located teams or temporary work groups or task forces. In such a scenario, communications-driven group DSS makes it easier for every participant to send and receive communication and interact with others in real time, from their respective locations, without meeting physically. A communications-driven group DSS • Fosters collaboration between cross functional business teams at same or different locations • Allows geographically separated decision makers connect face-to-face in real time • Allows data sharing with rest of the team members, work groups or task force 5.1.8 Advantages of DSS • Improves efficiency and speed of decision-making activities. • Increases the control, competitiveness and capability of futuristic decision-making of the organization. • Facilitates interpersonal communication. • Encourages learning or training. • Since it is mostly used in non-programmed decisions, it reveals new approaches and sets up new evidences for an unusual decision. • Helps automate managerial processes. 5.1.9 Disadvantages of DSS Besides limitations, decision support systems also have some disadvantages, such as: munotes.in
Page 69
69
Decision Support
System(DSS) • Information Overload: A computerized decision making system may sometimes result in information overload. Since it analyzes all aspects of a problem, it leaves a user in a dilemma what to consider and what not to consider. Not each bite of information is necessary in decision making. But when it’s present, a decision maker finds it difficult to ignore information that is not a priority. • Too much Dependence on DSS: It is true that decision support systems are integrated into businesses to make everyday decisions faster and more easily. Some decision makers develop a tendency to depend too much on computerized decision making and don’t want to apply their own brains. Clearly, there is a shift in focus and decision makers may not hone their skills further because of excessive dependence on DSS. • Devaluation of Subjectivity: A decision support system promotes rational decision making by suggesting alternatives basis the objectivity. While bounded rationality or restricted irrationality plays a critical role in decision making, subjectivity cannot and should not be rejected. A DSS promotes objectivity and relegates subjectivity, which can have serious impact on a business. • Overemphasis on Decision Making: Clearly the focus of computerized decision making is on considering all aspects of a problem all the time, which may not be required in many of the situations. It is essentially important to train the users to ensure effective and optimal use of DSS. • Cost of Development: The cost of decision making decreases once a decision support system is installed. But development and implementation of a DSS requires a huge monetary investment. Customization may attract higher cost. If you’re on a tight budget, you might not get a customized DSS specific to your needs. 5.2 INTRODUCTION OF GROUP DECISION SUPPORT SYSTEM. 5.2.1 What is GDSS? GDSS is the abbreviation for Group Decision Support System. It is a system that supports decision-making and has been designed and structured in such a way so that the members constituting a group can interact with each other to arrive at a particular decision. It provides support for various group decision-making activities such as file sharing, integration of the individual opinions with that of the group, communication, modelling of group actions and any other action which requires interaction of the group members. The decision support systems that have been mentioned till now facilitate a single person to take decisions by providing computerised support. These decisions fall into the unstructured or semi-structured category. Most of the decisions that have to be taken in the organisation are generally a group effort rather than taken by a single person. munotes.in
Page 70
70 Management Information System
70 The main characteristic of the Group Decision Support Systems or GDSS is to support exchange and flow of information and ideas seamlessly between various members of the decision-making group. It also maintains the privacy of the members. There are also many other terms that have been introduced for the use of information technology in decision-making within a group. Some of the popular terms that are in use include Group Support System (GSS), Computer-Supported Co-operative Work (CSCW), computerised collaborative work support and Electronic Meeting System (EMS). Groupware is the term that has been coined for software used in such a scenario. Thus, a computer-based system is interactive in nature and helps in solving problems that are unstructured in nature when a group of decision makers are working in collaboration with each other. 5.2.2 Advantages of GDSS : 1) More Information in Less Time : It is possible to gather huge amount of information in a very short time period as GDSS facilitates the members of the team to work parallel. 2) Greater Participation : The risks associated with conformity pressure and groupthink is greatly decreased when the members of the group work in a GDSS because the members are able to express their thoughts freely. This is due to the anonymity feature extended by GDSS. 3) More Structure : In a GDSS environment the discussions are much more concentrated and focused. Irrelevant degradations are greatly reduced. 4) Automated Documentation : Comments are preserved forever and the system provides the result without any delay. Excellent graphics makes viewing more attractive. 5.2.3 Disadvantages of GDSS : 1) Cost : A significant amount of cost may be associated with putting up the infrastructure consisting of the room, network connectivity and the software. 2) Security : This risk arises when the facility for setting up GDSS has been rented. There are chances that information gets leaked to the peers by a low level employee. munotes.in
Page 71
71
Decision Support
System(DSS) 3) Technical Failure : The system must be properly implemented to reduce the risk associated with loss of connectivity and power loss. It is highly dependent on LAN/WAN infrastructure and bandwidth. 4) Keyboarding Skills : If the members get frustrated they might participate less. 5) Training : There is variation in the learning curve of the user in various situations. 6) Perception of Messages : MIS-interpretations may occur in case the members communicate less verbally. 5.2.4 Features of Group Decision Support System (GDSS): 1) Ease of Use : It consists of an interactive interface that makes working with GDSS simple and easy. 2) Better Decision Making : It provides the conference room setting and various software tools that facilitate users at different locations to make decisions as a group resulting in better decisions. 3) Emphasis on Semi-structured and Unstructured Decisions : It provides important information that assists middle and higher level management in making semi-structured and unstructured decisions. 4) Specific and General Support : The facilitator controls the different phases of the group decision support system meeting (idea generation, discussion, voting and vote counting, etc.) what is displayed on the central screen and the type of ranking and voting that takes place, etc. In addition, the facilitator also provides general support to the group and helps them to use the system. 5) Supports all Phases of the Decision Making : It can support all the four phases of decision making, viz intelligence, design, choice, and implementation. 6) Supports Positive Group Behaviour : In a group meeting, as participants can share their ideas more openly without the fear of being criticized, they display more positive group behavior towards the subject matter of the meeting. munotes.in
Page 72
72 Management Information System
72 5.2.5 Components of Group Decision Support System (GDSS) : A group decision support system (GDSS) is composed of 3 main components, namely hardware, software tools, and people. 1) Hardware : It includes electronic hardware like the computer, equipment used for networking, electronic display boards and audio-visual equipment. It also includes the conference facility, including the physical set up – the room, the tables, and the chairs – laid out in such a manner that they can support group discussion and teamwork. 2) Software Tools : It includes various tools and techniques, such as electronic questionnaires, electronic brainstorming tools, idea organizers, tools for setting priority, policy formation tool, etc. The use of these software tools in a group meeting helps the group decision-makers to plan, organize ideas, gather information, establish priorities, take decisions and document the meeting proceedings. As a result, meetings become more productive. 3) People : It compromises the members participating in the meeting, a trained facilitator who helps with the proceedings of the meeting, and an expert staff to support the hardware and software. The GDSS components together provide a favorable environment for carrying out group meetings. 5.3 KNOWLEDGE BASED EXPERT SYSTEM A Knowledge Based System or a KBS is a computer program that uses artificial intelligence to solve problems within a specialized domain that ordinarily requires human expertise. Knowledge-based system is a more general than the expert system. A knowledge-based system is a major area of artificial intelligence. These systems can make decisions based on the data and information that resides in their database. In addition, they can comprehend the context of the data being processed. A knowledge-based system is comprised of a knowledge base and an interface engine. The knowledge base functions as the knowledge repository, while the interface engine functions as the search engine. Learning is a key element to a knowledge-based system, and learning simulation improves the system over time. Knowledge-based systems are categorized as expert systems, intelligent tutoring systems, hypertext manipulations systems, CASE-based systems, and databases having an intelligent user interface. munotes.in
Page 73
73
Decision Support
System(DSS)
5.3.1 History of KBS The first knowledge-based systems were rule based expert systems. Representing knowledge explicitly via rules had several advantages: • Acquisition and maintenance- Using rules meant that domain experts could often define and maintain the rules themselves rather than via a programmer. • Explanation: Representing knowledge explicitly allowed systems to reason about how they came to a conclusion and use this information to explain results to users. For example, to follow the chain of inferences that led to a diagnosis and use these facts to explain the diagnosis. • Reasoning: Decoupling the knowledge from the processing of that knowledge enabled general purpose inference engines to be developed. These systems could develop conclusions that followed from a data set that the initial developers may not have even been aware of. As knowledge-based systems became more complex the techniques used to represent the knowledge base became more sophisticated. Rather than representing facts as assertions about data, the knowledgebase became more structured, representing information using similar techniques to object-oriented programming such as hierarchies of classes and subclasses, relations between classes, and behaviour of objects. As the knowledge base became more structured reasoning could occur both by independent rules and by interactions within the knowledge base itself. For example, procedures stored as demons on objects could fire and could replicate the chaining behaviour of rules. 5.3.2 How does it work? • Problem-solving power does not lie with smart reasoning techniques nor clever search algorithms but domain dependent real-world knowledge.
munotes.in
Page 74
74 Management Information System
74 • Real-world problems do not have well-defined solutions • KBS allow this knowledge to be represented and creates an explained solution. • A KBS draws upon the knowledge of human experts captured in a knowledge-base to solve problems that normally require human expertise • Uses Heuristic (cause-and-effect) rather than algorithms KBS as realworld problem solvers 5.3.3 Components of a KBS Knowledge Base: The accumulation, transfer, and translation of problem-solving skills from experts and/or documented knowledge sources to a computer programme to develop or increase the knowledge base is known as knowledge acquisition. The component of an expert system that contains the system’s knowledge organized in collection of facts about the system’s domain Knowledge is represented in the form of rules using IF ELSE. These IF ELSE rules is used to form chains of knowledge. There are 2 types: • Forward chaining(fact driven) • Backward chaining(goal driven) Explanation Facility: It’s a subsystem that describes what’s going on in the system. Inference Engine It derives answers from the knowledge base. This is the brain of the expert system that provides a methodology for reasoning about the information in the knowledge base, and for formulating conclusions. Inference Engine: It functions as an interpreter, analysing and processing rules. It performs the duty of matching antecedents from user replies and firing rules. Knowledge acquisition: The accumulation, transfer, and translation of problem-solving skills from experts and/or documented knowledge sources to a computer programme for the purpose of developing or increasing the knowledge base is known as knowledge acquisition. User Interface The component of an expert system that contains the system’s knowledge organized in collection of facts about the system’s domain. The user interface is used by the user to communicate with the knowledge base. 5. 3.4 Types of knowledge-based systems Here are some types of knowledge-based systems: munotes.in
Page 75
75
Decision Support
System(DSS) Case-based systems Case-based systems use case-based reasoning. This involves reviewing past knowledge of similar situations. Based on what it finds, the knowledge-based system provides solutions that were effective in those given situations. Expert systems Expert systems are one of the most common types of knowledge-based systems. These systems mimic human experts' decision-making processes, making them helpful for complex analyses, calculations and predictions. In addition to presenting solutions, they provide specific explanations for the problems they're solving. Hypertext manipulation systems Hypertext manipulation systems store knowledge by linking text to other texts and by using hypertext. Hypertext refers to a network of discrete blocks of information interconnected as a way to store data. This type of system allows you to access many types of data easily. 5.3.5 Advantages of KBS • Increase available of expert knowledge • Efficient and cost effective • Consistency of answers • Explanation of solution • Deals with uncertainty Knowledge-based systems are useful for providing expertise to people who require it, especially when they're attempting to make decisions quickly. They can be helpful for providing recommendations for various industries, and their potential may continue to grow as technology evolves. Some examples of current uses for knowledge-based systems include: Blackboard systems A blackboard knowledge-based system allows users to collaborate to achieve a solution. Human experts can continuously input new information into the system, helping to create partial solutions as they investigate the final outcome. The system uses partial solutions to determine the appropriate answer to a problem. Classification systems Classification systems analyze data and assign it to appropriate groups. This type of knowledge-based system allows you to determine what the classification status is for a section of data. It may be particularly useful for scientists, such as analyzing chemical components to determine the classification of particular chemical compounds. munotes.in
Page 76
76 Management Information System
76 Eligibility analysis systems Eligibility analysis systems may include guided questions for a user. These are often rule-based systems because they typically allow users to continue to answer questions until one of their responses indicates they're not eligible for the service. This type of system may be useful for those looking to make their screening processes more efficient, such as government organizations or hiring professionals. Medical diagnosis systems Medical diagnosis systems help diagnose patients based on their symptoms in medical history. They may answer a series of questions or a medical professional may enter the information for them, and, based on their responses, the knowledge-based system identifies what condition they may be experiencing, Many of these systems also recommend treatment methods the patient may consider based on their responses and potential diagnosis. It's important to note the system alone is not an appropriate replacement for professional medical care. 5.3.6 Disadvantages of KBS ● Lack of common sense ● Inflexible, difficult to modify ● Restricted domain of expertise limited to KB - Not always reliable 5.3.7 Challenges of knowledge-based systems • Some challenges of using knowledge-based systems include: • Acquiring, organizing and manipulating large volumes of data and information • Experiencing potential anomalies in the systems, such as redundant rules and circular dependencies • Handling the limitations of scientific and cognitive techniques • Navigating the generally abstract nature of knowledge • Providing a system that is only as high quality as the data and information it contains • Requiring accurate and extensive data to perform correctly 5.4 SUMMARY • A decision support system (DSS) is a computerized system that gathers and analyzes data, synthesizing it to produce comprehensive information reports. • A decision support system differs from an ordinary operations application, whose function is just to collect data. munotes.in
Page 77
77
Decision Support
System(DSS) • Decision support systems allow for more informed decision-making, timely problem-solving, and improved efficiency in dealing with issues or operations, planning, and even management. • A group decision support system (GDSS) is an interactive computer-based system that facilitates a number of decision-makers (working together in a group) in finding solutions to problems that are unstructured in nature. • The tools and techniques provided by the group decision support system improve the quality and effectiveness of the group meetings. • A group decision support system (GDSS) meeting comprises different phases, such as idea generation, discussion, voting, vote counting and so on. • A group decision support system (GDSS) is composed of 3 main components, namely hardware, software tools, and people. • A knowledge-based system (KBS) is a computer program that reasons and uses a knowledge base to solve complex problems. • A knowledge-based system is a major area of artificial intelligence. • These systems can make decisions based on the data and information that resides in their database. In addition, they can comprehend the context of the data being processed. • A knowledge-based system is comprised of a knowledge base and an interface engine. 5.5 REFERENCES FOR FURTHER READING. Web References: 1. https://www.guru99.com/data-mining-vs-datawarehouse.html 2. https://www.tutorialspoint.com/dwh/dwh_overview 3. https://www.geeksforgeeks.org/ 4. https://blog.eduonix.com/internet-of-things/web-mining-text-mining-depth-mining-guide munotes.in
Page 78
77 6 ERP, SCM AND CRM Unit Structure 6.0 Objectives 6.1 Introduction of ERP 6.1.1 Why Do Companies Implement ERP Software? 6.1.2 Benefits of ERP Systems 6.1.3 ERP MODELS 6.1.4 Benefits of ERP modules 6.2 Supply Chain Management (SCM) 6.2.1 Introduction 6.2.2 Why is supply chain management important? 6.2.3 Scope of SCM 6.2.4 SCM Processes 6.2.5 Advantages of SCM 6.2.6 Key features of effective supply chain management 6.2.7 Information Management in SCM 6.3 Customer Relationship Management(CRM) 6.3.1 Understanding Customer Relationship Management (CRM) 6.3.2 Components of CRM 6.3.3 Types of CRM technology 6.3.4 Advantages of Customer Relationship Management 6.4 Summary 6.0 OBJECTIVES: This chapter will make the readers understand the following concepts: Meaning of ERP Need of ERP ERP models Introduction to SCM Need of SCM Working of SCM Information Management in SCM munotes.in
Page 79
78 Management Information System
78 Advantages of SCM Concept of CRM Need of CRM Implementation of CRM 6.1 INTRODUCTION OF ERP Growing companies eventually reach a point where spreadsheets no longer cut it. That’s where enterprise resource planning software comes in: ERP systems collect and organize key business information and help organizations run lean, efficient operations, even as they expand. At its core, an ERP is an application that automates business processes, and provides insights and internal controls, drawing on a central database that collects inputs from departments including accounting, manufacturing, supply chain management, sales, marketing and human resources (HR). Once information is compiled in that central database, leaders gain cross-departmental visibility that empowers them to analyze various scenarios, discover process improvements and generate major efficiency gains. That translates to cost savings and better productivity as people spend less time digging for needed data. ERP which stands for Enterprise Resource Planning is a modular software system designed to integrate the main functional areas of a company’s business processes into one integrated system. ERP software standardizes, simplifies, and integrates business processes including finance, human resources, procurement, distribution, and other departments. ERP software that’s tailored to meet the needs of an individual business pays major dividends, making these systems a critical tool for companies across industries and of all sizes. Many of the world’s best-known and most successful firms have leaned on ERP for the last quarter century. Now, this software can be configured and priced to meet the needs of all-size businesses. Put simply, an ERP system helps unify people, core business processes and technology across an organization. ERP systems have become table stakes for businesses looking to use resources wisely. They can help leaders reallocate human and financial capital or build more efficient core business processes that save money without sacrificing on quality or performance. An ERP is also an asset when it comes to planning and coordination. Employees can see current available inventory and customer orders in detail, then compare supplier purchase orders and forecasted future demand. If necessary, they can make adjustments to head off problems. ERP software munotes.in
Page 80
79
ERP, SCM And CRM improves communication and collaboration as well because workers can check on the status of other departments to guide their own decisions. As a comprehensive source of data, an ERP system also provides a host of reports and analytics that can be difference-makers for the business. Turning a vast trove of information into charts and graphs that clearly illustrate trends and help model possible results is an ERP capability executives find invaluable. 6.1.1 Why Do Companies Implement ERP Software? The following are some common reasons why they use ERP. To integrate financial information Without an integrated system, each department, such as finance, sales, etc., must relies on a separate system. This requires companies to pay different fees for each system. Employees must also spend time reconciling financial data rather than figuring out how to improve the company. To manage orders and inventory With ERP software, companies can easily manage orders, production, inventory, and distribution. Since the entire process is managed through a single system, delays can be avoided, inventory is always at an adequate level, and customer expectations are always met. To manage and analyze customer data Most ERP systems provide CRM modules to track all customer interactions and provide information regarding orders, shipping, returns, service requests, and others. ERP software also allows retailers to gain insight into customer behaviour and needs. To standardize and speed up production Manufacturing companies, especially those with a desire for mergers and acquisitions, often find that several business units make similar widgets using different computer methods and systems. ERP systems can standardize and automate the manufacturing processes. This standardization saves time, increases productivity, and reduces costs. To manage human resources Many companies, especially those with multiple business units, have difficulty managing employee needs, distributing salaries and incentives, or tracking their working hours. ERP systems allow companies to maintain employee information, manage payrolls, monitor attendance, track expenses, manage leave requests, provide assessments, manage taxes, and a lot more. munotes.in
Page 81
80 Management Information System
80 Employees can also be granted access rights to submit leave and reimbursement requests, view pay checks, record working hours, view information about other employees, and so on. To handle procurement Without the help of an integrated system, companies will have difficulty managing the purchase of goods and communicating with suppliers. ERP systems allow companies to automate purchases, control costs incurred for purchasing goods, and speed up the order management. To gain comprehensive insights Generating reports is a time-consuming task. But with an ERP system, financial, tax summary, sales reports, etc. can be created in just seconds. ERP systems allow companies to create accurate and complete reports that can help stakeholders make better business decisions. 6.1.2 Benefits of ERP Systems Today’s ERP solutions have rich feature sets that bring countless benefits to businesses. While what an individual firm sees as the greatest value of this technology will vary, here are key universal advantages ERP delivers: 1. Cost savings: Perhaps the biggest value proposition of ERP systems is they can save your organization money in a number of ways. By automating many simple, repetitive tasks, you minimize errors and the need to add employees at the same rate as business growth. Cross-company visibility makes it easier to spot inefficiencies that drive up costs and leads to better deployment of all resources, from labor to inventory to equipment. And with cloud ERP, companies may quickly see incremental value from the software, over and above what they’re spending. 2. Workflow visibility: With all workflows and information in one place, employees with access to the system can see the status of projects and the performance of different business functions relevant to their jobs. This visibility may be particularly valuable to managers and leaders, and it’s far faster and easier than searching for the right documents and constantly asking colleagues for updates. 3. Reporting/analytics: Data is useful only if companies can analyze and understand it, and an ERP helps with that. Leading solutions have impressive reporting and analytics tools that allow users to not only track KPIs, but display any metrics or comparisons they can dream up. Since an ERP is all-encompassing, it can help a business understand how a change or problem with a process in one department affects the rest of the company. munotes.in
Page 82
81
ERP, SCM And CRM 4. Business insights/intelligence: Because ERPs can access real-time data from across the company, these systems can uncover impactful trends and provide extensive business insights. This leads to better decision-making by organizational leaders who now have easy access to all relevant data. 5. Regulatory compliance & data security: Financial reporting standards and governmental and industry-specific data security regulations change frequently, and an ERP can help your company stay safe and compliant. An ERP provides an audit trail by tracking the lifecycle of each transaction, including adherence to required approval workflows. Businesses may also reduce the chance of errors and related compliance snafus with automation. ERP software provides financial reports that comply with standards and regulations, and SaaS applications are well-equipped to help companies with PCI-DSS compliance. 6. Risk management: ERP technology reduces risk in a few ways. Granular access control and defined approval workflows can strengthen financial controls and reduce fraud. Additionally, more-accurate data heads off mistakes that could lead to lost sales or fines. And finally, the ability to see the status of the entire operation enables employees to quickly handle risks posed by business disruptions. 7. Data security: ERP providers understand that your system houses critical, sensitive data and take necessary steps to ensure it is secure. This diligence is more important than ever as the volume and scale of cyberattacks increase. Cloud ERP software, in particular, uses cutting-edge security protocols to ensure your company doesn’t fall victim to a damaging attack. 8. Collaboration: Employees are most effective when they work together. ERP solutions make it easy to share information — like purchase orders, contracts and customer-support records — among teams. It knocks down walls between departments by giving employees appropriate access to real-time data on related business functions. 9. Scalability: The right ERP system will be scalable and flexible enough to meet your company’s needs today and for the foreseeable future. Cloud systems in particular adapt to minor and major operational changes even as the amount of data the organization captures and demand for access increase. munotes.in
Page 83
82 Management Information System
82 10. Flexibility: While ERP software helps businesses follow best practices, it also offers the flexibility to support unique processes and objectives. The system gives administrators the ability to build out company-specific workflows and create automatic reports important to different departments and executives. An ERP enhances your organization’s innovation and creativity. 11. Customization: While most companies find that modern ERPs support their businesses “out of the box,” some firms need to add to the extensive built-in functionality. If you have a lot of specialized processes, look for an extensible system that allows your integrator or IT staff to write code that adds needed features, or that can integrate with homegrown or legacy solutions. However, before going the custom route, take a close look at your processes — the prebuilt functionality and configurations modern ERP solutions support are based on best practices gathered from thousands of companies. Aim to minimize customizations. 12. Customer & partner management: An ERP can strengthen a company’s partner and customer relationships. It can provide insights on suppliers, shipping carriers and service providers, with the cloud enabling even better, more convenient information exchange. When it comes to customers, the solution can track survey responses, support tickets, returns and more so the organization can keep its finger on the pulse of customer satisfaction.
munotes.in
Page 84
83
ERP, SCM And CRM 6. 1.3 ERP MODELS An ERP module is a software component or part of the ERP program that takes care of a particular operation or department. All ERP software, including SAP, Oracle, Netsuite and more are made up of multiple ERP modules such as financial management and accounting, warehousing and inventory, supply chain, procurement and more. ERP modules are powerful tools for adapting business processes across departments and improving cross-departmental workflows. In the following article, we have presented some of the most common and basic ERP modules that can be found in all ERP systems. Sources: 2, 6, 11 Enterprise Resource Planning (ERP) consists of various modules or components that are part of the overall system, depending on the business unit. An ERP system consists of modules, and each module focuses on a certain area of the business process, including finance and marketing. ERP Finance Module, Manufacturing Module, ERP Supply Chain Module, Human Resources Module, Production Management Module, Sales and Sales Module, Quality Management Module, Customer Relationship Management Module and Purchasing Module, Material Management Module The different modules of the ERP software represent the business processes and help to unify data and processes at a central location. Each ERP module is designed for a specific business function and provides data and support processes to help employees do their job better. The various functions of a company in an ERP system consist of different modules. Sources: 4, 8, 10 Sales & Marketing The sales and marketing module in the ERP software helps to store information about leads and customers, including inquiries, offers, contact details, invoices, etc. It is a kind of CRM system for companies that helps to improve the relationship between business prospects and customers, provide support and improve the customer experience. Sources: 4 The various ERP department modules manage the core business functions uniformly and are designed to facilitate the seamless flow of information between multiple departments such as sales, inventory management, customer relationship management, human resources, finance, etc. Sources: 3 Supply Chain Management One of the most popular ERP systems is the Supply Chain Management module, which helps companies manage the entire material flow from the manufacturer to the retailer and the end customer. The goal of the Oracle ERP Manufacturing Module for ERP is to provide complete inventory management and streamline the production cycle for supply chain components with a management system. Another function of the product management module in an ERP system is the automation of the manufacturing process through functions such as material invoicing and BOM cost estimation to track additional costs. Sources: 3, 5, 10 munotes.in
Page 85
84 Management Information System
84 With this module, companies are able to make decisions based on the latest information from their ERP system. Real-time data is similar to standalone supply chain management software and is an essential feature of the ERP software module Supply Chain Management. With advanced databases and real-time analysis of data and features of ERP systems, this module provides accurate business forecasts. Sources: 0, 1, 3 ERP software comes with multiple systems and modules to be purchased by an organization according to the usefulness of its business. Many different ERP software modules are available to complement the system and customize the solution for your business. Since different companies have different objectives when choosing the software, they can choose the ERP module that suits their business processes and is tailored to their business needs. Sources: Human Resources & Personnel The HR and personnel module of an ERP system helps to maintain a comprehensive employee database. It takes care of activities such as the preparation of payslips, payouts, payslips, etc. Sources: 3 By integrating different modules into an ERP system and collecting data from different departments within the company, a centralized repository of business data is created. The most important ERP modules store employee data such as general information such as working hours, attendance, sick leave, vacation, etc. Sources: 7, 11 Finance & Accounting Management Organizations need sophisticated purchasing options to purchase the raw materials and components needed for manufacturing through sophisticated procurement software modules from ERP vendors and third-party vendors. Finance and accounting modules are important ERP modules because they enable companies to understand their current financial situation and future prospects. Sources: 8, 12 The key functions of the finance and management module in an ERP system are the recording and management of receivables and liabilities, cash management and the preparation of financial reports such as balance sheets, profit and loss accounts and cash flow accounts. The ERP finance module also shares data with other core business functions such as Inventory Management, Production Planning, Purchase, Customer Relationship Management (CRM) and others. Transactions between one module or another have a financial impact on the accounting system because they trigger actions that transfer data between the ERP and the finance module. Sources: 10, 12 The financial management module of an ERP system helps to collect and track financial information and makes it available in the form of annual financial statements. An ERP financial module is a software component that takes over the most important accounting and financial management functions of a resource planning system for companies. munotes.in
Page 86
85
ERP, SCM And CRM
6.1.4 Benefits of ERP modules ERP modules help your business attain the desired efficiency and enhance day-to-day activities by automating all business processes. It keeps all the data in a centralized place and gives clear data whenever you need it. It improves business reporting with the help of reporting features with real-time data. It helps to eliminate the manual process and reduces errors done by the manual errors. Thus, it increases the efficiency and productivity of the business. It provides better communication within the department as well as between the departments. When there is a smooth flow of information, cooperation in the workplace also increases. It helps the business provide good customer service by enhancing on-time delivery and order accuracy. It allows the business to control who can use, share, and edit the data. ERP modules analyze the real-time data. Enhances profitability by avoiding extra expenses like an additional store of inventories. It improves the cash flow with better invoicing. 6.2 SUPPLY CHAIN MANAGEMENT (SCM) 2.1 Introduction Supply chain management is the handling of the entire production flow of a good or service — starting from the raw components all the way to delivering the final product to the consumer. A company creates a network of suppliers (“links” in the chain) that move the product along from the suppliers of raw materials to those organizations that deal directly with users.
munotes.in
Page 87
86 Management Information System
86 How does supply chain management work? According to CIO, there are five components of traditional supply chain management systems: Planning Plan and manage all resources required to meet customer demand for a company’s product or service. When the supply chain is established, determine metrics to measure whether the supply chain is efficient, effective, delivers value to customers and meets company goals. Sourcing Choose suppliers to provide the goods and services needed to create the product. Then, establish processes to monitor and manage supplier relationships. Key processes include: ordering, receiving, managing inventory and authorizing supplier payments. Manufacturing Organize the activities required to accept raw materials, manufacture the product, test for quality, package for shipping and schedule for delivery. Delivery and Logistics Coordinate customer orders, schedule deliveries, dispatch loads, invoice customers and receive payments. Returning Create a network or process to take back defective, excess or unwanted products. 6.2.2 Why is supply chain management important? Effective supply chain management systems minimize cost, waste and time in the production cycle. The industry standard has become a just-in-time supply chain where retail sales automatically signal replenishment orders to manufacturers. Retail shelves can then be restocked almost as quickly as product is sold. One way to further improve on this process is to analyze the data from supply chain partners to see where further improvements can be made. By analyzing partner data, the CIO.com post identifies three scenarios where effective supply chain management increases value to the supply chain cycle: Identifying potential problems. When a customer orders more product than the manufacturer can deliver, the buyer can complain of poor service. Through data analysis, manufacturers may be able to anticipate the shortage before the buyer is disappointed. munotes.in
Page 88
87
ERP, SCM And CRM Optimizing price dynamically. Seasonal products have a limited shelf life. At the end of the season, these products are typically scrapped or sold at deep discounts. Airlines, hotels and others with perishable “products” typically adjust prices dynamically to meet demand. By using analytic software, similar forecasting techniques can improve margins, even for hard goods. Improving the allocation of “available to promise” inventory. Analytical software tools help to dynamically allocate resources and schedule work based on the sales forecast, actual orders and promised delivery of raw materials. Manufacturers can confirm a product delivery date when the order is placed — significantly reducing incorrectly-filled orders. 6.2.3 Scope of SCM
6.2.4 SCM Processes Customer Relationship Management Customer Service Management Demand Management Customer Order Fulfillment Manufacturing Flow Management Procurement Management Product Development and Commercialization Returns Management
munotes.in
Page 89
88 Management Information System
88 6.2.5 Advantages of SCM SCM have multi-dimensional advantages − To the suppliers − Help in giving clear-cut instruction Online data transfer reduce paper work Inventory Economy − Low cost of handling inventory Low cost of stock outage by deciding optimum size of replenishment orders Achieve excellent logistical performance such as just in time Distribution Point − Satisfied distributor and whole seller ensure that the right products reach the right place at right time Clear business processes subject to fewer errors Easy accounting of stock and cost of stock ● Channel Management − Reduce total number of transactions required to provide product assortment Organization is logically capable of performing customization requirements ● Financial management − Low cost Realistic analysis ● Operational performance − It involves delivery speed and consistency. ● External customer − Conformance of product and services to their requirements Competitive prices Quality and reliability Delivery After sales services munotes.in
Page 90
89
ERP, SCM And CRM ● To employees and internal customers − Teamwork and cooperation Efficient structure and system Quality work Delivery 6.2.6 Key features of effective supply chain management The supply chain is the most obvious “face” of the business for customers and consumers. The better and more effective a company’s supply chain management is, the better it protects its business reputation and long-term sustainability. IDC’s Simon Ellis in The Path to a Thinking Supply Chain¹ defines what is supply chain management by identifying the five “Cs” of the effective supply chain management of the future: Connected: Being able to access unstructured data from social media, structured data from the Internet of Things (IoT) and more traditional data sets available through traditional ERP and B2B integration tools. Collaborative: Improving collaboration with suppliers increasingly means the use of cloud-based commerce networks to enable multi-enterprise collaboration and engagement. Cyber-aware: The supply chain must harden its systems and protect them from cyber-intrusions and hacks, which should be an enterprise-wide concern. Cognitively enabled: The AI platform becomes the modern supply chain's control tower by collating, coordinating and conducting decisions and actions across the chain. Most of the supply chain is automated and self-learning. Comprehensive: Analytics capabilities must be scaled with data in real time. Insights will be comprehensive and fast. Latency is unacceptable in the supply chain of the future. Many supply chains have begun this process, with participation in cloud-based commerce networks at an all-time high and major efforts underway to bolster analytics capabilities. 6.2.7 Information Management in SCM Information management systems have the potential to change organizations and promote the emergence of new businesses. Their main goal is to enhance information flow and facilitate the decision making process. An information management system is one of the few elements of supply chain that can offer both improved performance and lower cost. It enables companies to maintain key information in an accessible format and helps to take operational and planning decisions. The adoption and munotes.in
Page 91
90 Management Information System
90 successful implementation of software and network technology contribute in a large way for the supply chain success facilitating the flow of information and enhancing the efficiency of supply chain activities. Logistics activities are key activities in the supply chain, including planning, designing, implementing and managing the flow, storage of materials and information exchange in order to support basic logistics functions such as procurement, distribution, transportation, inventory management, packaging and manufacturing. Information technologies are seen as a resource of a company, as a source of its competitive advantage and serve as a catalyst of change in a company. With the growing trend toward the use of international supply chains and e-commerce, logistics service providers for product warehousing, transportation and delivery are placing greater emphasis on information technologies in order to remain competitive globally. In the last decades, innovative technologies that have deeply affected the way business are performed and the way that companies compete. Innovations in digital commerce play a key role in managing inter-organizational networks of supply chain members. The internet represents a powerful technology for commerce and communication between supply chain participants as well as a technique for the improvement of supply chain management. The fact that Information Technologies have a positive impact on efficiency as well as the overall performance of every company that uses them, regardless of its primary activity, is already well known. Therefore, supply chain companies can also greatly benefit from the use of Information Technologies. Nevertheless results depend mostly on the level and type of Information Technologies usage, which are correlated to the company's size and availability of technology, make the integration of business processes along the supply chain still possible just with proper use of right technologies. And the fact that the use of information technologies requires redesign and reorganization of logistics processes, which can be seen as one of the most important barriers to technology adoption. Therefore new technologies and tools are required to gain and/or obtain stability and effectiveness of the supply chain. Examples of information systems in supply chain management Information Technologies Used in Supply chain or Logistics Barcoding. ... Electronic Data Interchange (EDI) ... Extensible Markup Language (XML) ... Data Management. ... Imaging. ... Artificial Intelligence Systems. ... Radio Frequency or RF Technology. ... Computer on Board and Satelite Tracking. munotes.in
Page 92
91
ERP, SCM And CRM 6.3 CUSTOMER RELATIONSHIP MANAGEMENT(CRM) Customer relationship management (CRM) is the combination of practices, strategies and technologies that companies use to manage and analyse customer interactions and data throughout the customer lifecycle. The goal is to improve customer service relationships and assist in customer retention and drive sales growth. CRM systems compile customer data across different channels, or points of contact, between the customer and the company, which could include the company's website, telephone, live chat, direct mail, marketing materials and social networks. CRM systems can also give customer-facing staff members detailed information on customers' personal information, purchase history, buying preferences and concerns. From the organization's point of view, this entire relationship encompasses direct interactions with customers, such as sales and service-related processes, forecasting, and the analysis of customer trends and behaviours. Ultimately, CRM serves to enhance the customer's overall experience. 6.3.1 Understanding Customer Relationship Management (CRM) Elements of CRM range from a company's website and emails to mass mailings and telephone calls. Social media is one-way companies adapt to trends that benefit their bottom line. The entire point of CRM is to build positive experiences with customers to keep them coming back so that a company can create a growing base of returning customers. Increasingly, the term CRM is being used to refer to the technology systems companies can engage to manage their external interactions with customers at all points during the customer lifecycle, from discovery to education, purchase, and post-purchase. With an estimated global market value of over $40 billion in 2018, CRM technology is widely cited as the fastest-growing enterprise-software category, which largely encompasses the broader software-as-a-service (SaaS) market. Five of the largest players in the CRM market today include cloud computing giant Salesforce, Microsoft, SAP, Oracle and Adobe Systems. The goal of customer relationship management is to gather enough information about a customer and use it well enough to increase that customer's positive interactions with the company, thereby increasing that company's sales. For small businesses, customer relationship management includes processes and systems for: Lead generation and conversion: Identifying and targeting a company's ideal customers; generating quality sales leads; planning and implementing marketing campaigns with clear goals and objectives munotes.in
Page 93
92 Management Information System
92 Relationship building: Creating regular communication channels; building and improving relationships with customers; providing individualized attention to the most profitable customers Customer service: Providing employees with the information they need to understand customers' wants and needs, address concerns, solve problems, and increase customer satisfaction CRM systems are collaborative. These systems are used to gather data through all phases of the customer relationship (marketing, sales, and service). 6.3.2 Components of CRM At the most basic level, CRM software consolidates customer information and documents it into a single CRM database so business users can more easily access and manage it. Over time, many additional functions have been added to CRM systems to make them more useful. Some of these functions include recording various customer interactions over email, phone, social media or other channels; depending on system capabilities, automating various workflow automation processes, such as tasks, calendars and alerts; and giving managers the ability to track performance and productivity based on information logged within the system. Marketing automation. CRM tools with marketing automation capabilities can automate repetitive tasks to enhance marketing efforts at different points in the lifecycle for lead generation. For example, as sales prospects come into the system, it might automatically send email marketing content, with the goal of turning a sales lead into a full-fledged customer. Sales force automation. Sales force automation tools track customer interactions and automate certain business functions of the sales cycle that are necessary to follow leads, obtain new customers and build customer loyalty. Contact center automation. Designed to reduce tedious aspects of a contact center agent's job, contact center automation might include prerecorded audio that assists in customer problem-solving and information dissemination. Various software tools that integrate with the agent's desktop tools can handle customer requests in order to cut down on the length of calls and to simplify customer service processes. Automated contact center tools, such as chatbots, can improve customer user experiences. Geolocation technology, or location-based services. Some CRM systems include technology that can create geographic marketing campaigns based on customers' physical locations, sometimes integrating with popular location-based GPS (global positioning system) apps. Geolocation technology can also be used as a networking or contact management tool in order to find sales prospects based on a location. munotes.in
Page 94
93
ERP, SCM And CRM Workflow automation. CRM systems help businesses optimize processes by streamlining mundane workloads, enabling employees to focus on creative and more high-level tasks. Lead management. Sales leads can be tracked through CRM, enabling sales teams to input, track and analyze data for leads in one place. Human resource management (HRM). CRM systems help track employee information, such as contact information, performance reviews and benefits within a company. This enables the HR department to more effectively manage the internal workforce. Analytics. Analytics in CRM help create better customer satisfaction rates by analyzing user data and helping create targeted marketing campaigns. Artificial intelligence. AI technologies, such as Salesforce Einstein, have been built into CRM platforms to automate repetitive tasks, identify customer-buying patterns to predict future customer behaviors and more. Project management. Some CRM systems include features to help users keep track of client project details such as objectives, strategic alignment, processes, risk management and progress. Integration with other software. Many CRM systems can integrate with other software, such as call center and enterprise resource planning (ERP) systems. 6.3.3 Types of CRM technology The four main vendors of CRM systems are Salesforce, Microsoft, SAP and Oracle. Other providers are popular among small to midsize businesses, but these four tend to be the choice for large corporations. The types of CRM technology offered are as follows: 6.3.3.1 Cloud-based CRM With CRM that uses cloud computing, also known as SaaS (software as a service) or on-demand CRM, data is stored on an external, remote network that employees can access anytime, anywhere there is an internet connection, sometimes with a third-party service provider overseeing installation and maintenance. The cloud's quick, relatively easy deployment capabilities appeal to companies with limited technological expertise or resources. Data security is a primary concern for companies using cloud-based systems, as the company doesn't physically control the storage and maintenance of its data. If the cloud provider goes out of business or is acquired by another company, an enterprise's data can be compromised or lost. Compatibility issues can also arise when data is initially migrated from a company's internal system to the cloud. munotes.in
Page 95
94 Management Information System
94 Companies might consider cloud CRM as a more cost-effective option. Vendors typically charge the user on a subscription basis and offer the option of monthly or yearly payments. However, cost may still be a concern, because paying subscription fees for software can be more costly over time than with on-premises models. Popular cloud-based CRM providers include Salesforce, HubSpot and Zendesk. 6.3.3.2 On-premises CRM This system puts the onus of administration, control, security and maintenance of the database and information on the company using the CRM software. With this approach, the company purchases licenses upfront, instead of buying yearly subscriptions from a cloud CRM provider. The software resides on the company's own servers and the user assumes the cost of any upgrades. It also usually requires a prolonged installation process to fully integrate a company's data. Companies with complex CRM needs might benefit from an on-premises deployment. Many cloud-based providers, such as Salesforce and WorkWise, also offer on-premises versions of their CRM software. 6.3.4 Advantages of Customer Relationship Management Enhances Better Customer Service CRM systems provide businesses with numerous strategic advantages. One of such is the capability to add a personal touch to existing relationships between the business and the customers. It is possible to treat each client individually rather than as a group, by maintaining a repository on each customer’s profiles. This system allows each employee to understand the specific needs of their customers as well as their transaction file. The organization can occasionally adjust the level of service offered to reflect the importance or status of the customer. Improved responsiveness and understanding among the business employees results in better customer service. This decreases customer agitation and builds on their loyalty to the business. Moreover, the company would benefit more by getting feedback over their products from esteemed customers. Facilitates discovery of new customers CRM systems are useful in identifying potential customers. They keep track of the profiles of the existing clientele and can use them to determine the people to target for maximum clientage returns. New customers are an indication of future growth. However, a growing business utilizing CRM software should encounter a higher number of existing customers versus new prospects each week. Growth is only essential if the existing customers are maintained appropriately even with recruitment of new prospects. munotes.in
Page 96
95
ERP, SCM And CRM Increases customer revenues CRM data ensures effective co-ordination of marketing campaigns. It is possible to filter the data and ensure the promotions do not target those who have already purchased particular products. Businesses can also use the data to introduce loyalty programs that facilitate a higher customer retention ratio. No business enjoys selling a similar product to a customer who has just bought it recently. A CRM system coordinates customer data and ensures such conflicts do not arise. Helps the sales team in closing deals faster A CRM system helps in closing faster deals by facilitating quicker and more efficient responses to customer leads and information. Customers get more convinced to turn their inquiries into purchases once they are responded to promptly. Organizations that have successfully implemented a CRM system have observed a drastic decrease in turnaround time. Enhances effective cross and up selling of products Cross – selling involves offering complimentary products to customers based on their previous purchases. On the other hand, up – selling involves offering premium products to customers in the same category. With a CRM system, both cross and up – selling can be made possible within a few minutes of cross – checking available data. Enhances customer loyalty CRM software is useful in measuring customer loyalty in a less costly manner. In most cases, loyal customers become professional recommendations of the business and the services offered. Consequently, the business can promote their services to new prospects based on testimonials from loyal customers. Testimonials are often convincing more than presenting theoretical frameworks to your future prospects. With CRM, it could be difficult pulling out your loyal customers and making them feel appreciated for their esteemed support. Builds up on effective internal communication A CRM strategy is effective in building up effective communication within the company. Different departments can share customer data remotely, hence enhancing team work. Such a strategy is better than working individually with no links between the different business departments. It increases the business’s profitability since staff no longer have to move physically move while in search of critical customer data from other departments. munotes.in
Page 97
96 Management Information System
96 6.4 SUMMARY ERP software can integrate all of the processes needed to run a company. ERP solutions have evolved over the years, and many are now typically web-based applications that users can access remotely. Some benefits of ERP include the free flow of communication between business areas, a single source of information, and accurate, real-time data reporting. An ERP system can be ineffective if a company doesn't implement it carefully. Supply chain management (SCM) is the centralized management of the flow of goods and services and includes all processes that transform raw materials into final products. By managing the supply chain, companies can cut excess costs and deliver products to the consumer faster. Good supply chain management keeps companies out of the headlines and away from expensive recalls and lawsuits. The five most critical elements of SCM are developing a strategy, sourcing raw materials, production, distribution, and returns. A supply chain manager is tasked with controlling and reducing costs and avoiding supply shortages. A good CRM doesn’t stop at collecting information; it helps you harness all of that data to: Get personal at scale, sending the right messages at the right times to leads and clients Focus sales teams on the hottest prospects Shorten the sales cycle Monitor, analyse, and improve results QUESTIONS 1. Explain various ERP Modules?2. Explain scope of SCM?3. What do you mean by CRM?4. Explain Key features of effective Supply Chain Management?5. Write short notes on CRM technology?munotes.in
Page 98
97
ERP, SCM And CRM REFERENCES Enterprise Resource Planning ... by Alexis Leon Directing the ERP Implementation by Michael W. Pelphrey The CRM Handbook - Jill Dyché Customer Relationship Management The Foundation of Contemporary Marketing Strategy By Roger J. Baran Robert J. Galka munotes.in
Page 99
98 Management Information System
98 7 BUSINESS INTELLIGENCE FOR MIS Unit Structure 7.1 Objectives 7.2 Business Intelligence and MIS 7.3 what is Business Intelligence (BI), 7.4 Tools and Techniques of BI 7.5 why is BI Developed? How is BI used? 7.6 Process of generation of BI 7.7 MIS and BI. 7.8 Self Learning Topics: Case illustration of BI 7.9 Summary 7.10 Sample Questions 7.11 References 7.1 OBJECTIVES • To Understand the nature of management information systems and their applications in business. • To Identify the major management challenges in building and using information systems. • To Learn and explore IT security and Infrastructure of management information Systems and to understand the Business Intelligence and its component. 7.2 BUSINESS INTELLIGENCE AND MIS The term 'Business Intelligence' has evolved from the decision support systems and gained strength with the technology and applications like data warehouses, Executive Information Systems and Online Analytical Processing (OLAP). Business Intelligence System is basically a system used for finding patterns from existing data from operations. munotes.in
Page 100
99
Business Intelligence for MIS The definition of the term ‘Management Information System’ has been varies from person to person. It has more than one definition, some of which are given below 1) The MIS is defined as a system which provides information to support decision making process in the organization. 2) The MIS is defined as a system based on the database of the organization evolved for the purpose of providing information to the people in the organization. 3) According to Coleman and Riley ‘an MIS (a) applies to all management levels; (b) is linked to an organizational subsystem; (c) Functions to measure performance, monitor progress, evaluate alternatives or provides knowledge for change or collective action, and (d) is flexible both internally and externally’. 4) According to Schwartz, ‘MIS is a system of people, equipment procedures, documents and communication that collects, validates, operates, stores, retrieves, and present data for use in planning , budgeting , accounting, controlling and other management process’. 5) Thomas R. Prince defined MIS as ‘an approach that visualizes the business organization a single entity composed of various inter- related and inter – dependent sub systems looking together to provide timely and accurately information for management decision making, which leads to the optimization of overall enterprise goals’. 6) Frederick B. Cornish defined MIS as ‘structure to provide the information needed when needed and where needed. Further, the system represents the internal communication network of the business providing the necessary intelligence to plan, execute and control. Before business intelligence took over, many enterprises had another information system called the MIS. Management Information Systems were the heart of every business and played a vital role in data collecting, storage, processing, and reporting. However, MIS had its disadvantages and became a burden for many businesses. With business intelligence entering the market, enterprises adopted BI, not to replace MIS but to revamp their entire internal system. MIS is a small part of the business intelligence framework and is no longer enough in the competitive world to help establishments make the right decisions. Though management information systems are still used by enterprises, many have digitally transformed the systems and processes to get the best of business intelligence. BI helps enterprises reduce their costs and increase returns by enhancing customer experience and taking the businesses deeper into the market. 7.3 WHAT IS BUSINESS INTELLIGENCE (BI) BI(Business Intelligence) is a set of processes, architectures, and technologies that convert raw data into meaningful information that drives munotes.in
Page 101
100 Management Information System
100 profitable business actions. It is a suite of software and services to transform data into actionable intelligence and knowledge. BI has a direct impact on organization’s strategic, tactical and operational business decisions. BI supports fact-based decision making using historical data rather than assumptions and gut feeling. BI tools perform data analysis and create reports, summaries, dashboards, maps, graphs, and charts to provide users with detailed intelligence about the nature of the business. Business intelligence or BI is a wider concept that combines MIS, business analytics, data mining, data visualization, and much more. It is a modern framework that helps enterprises adopt the data-driven model to make better decisions based on historical and real-time data. BI gives businesses a comprehensive view of the enterprise data and makes use of this information to understand market trends, improve customer experience, evaluate existing policies, and make changes to build a better enterprise. Today’s BI tools and solutions offer self-service analysis to employees from different levels in the organization. Business intelligence tools are flexible, scalable, and user-friendly. 7.4 TOOLS AND TECHNIQUES OF BI Business intelligence (BI) tools are types of application software that collect and process large amounts of unstructured data from internal and external systems, including books, journals, documents, health records, images, files, email, video, and other business sources. Typically used for more straightforward querying and reporting of business data, business intelligence tools can combine a broad set of data analysis applications including ad hoc analysis and querying, enterprise reporting, online analytical processing (OLAP), mobile BI, real-time BI, operational BI, cloud and software as a service BI, open-source BI, collaborative BI, and location intelligence. It can also include data visualization software for designing charts, as well as tools for building BI dashboards and performance scorecards that display business metrics and KPIs to bring company data to life in easy-to-understand visuals. Tableau Tableau is one of the most popular and simple Microsoft BI tools used in organizations today. A much sought-after platform of BI, Tableau is among the top in the best BI tools list. This integrated tool allows even non-technical users to easily build personalized reports and dashboards to gain valuable information. Further, it offers a varied range of graphical representations that are extremely interactive and pleasing. This tool mainly serves two functions, the collection of data and data analysis. It gathers data from various sources such as spreadsheets and cloud applications. This Business Intelligence software is used in numerous industries and business munotes.in
Page 102
101
Business Intelligence for MIS sectors, including banking, manufacturing, education, sales, telecommunication, and more. Features of Tableau: • You can share dashboards and tools to perform group analysis on any given dataset. • You have the option to choose between two versions, the 32-bit version and the 64-bit version. • It has a feature to automatically update data, which allows the organization to receive the latest data and extract useful information from it in real-time. • You can deploy the tool either on a local server or on the cloud server. Datapine Datapine is another commonly used BI software that is easy-to-use yet powerful. This tool allows both professionals like Data Analysts and non-technical professionals to analyze, explore, and visualize data from several data sources. Additionally, it helps you collect the data from these sources and analyze it using advanced analytical and predictive features. Features of Datapine: • It consists of easy and fast data connectors that integrate the necessary data sources in a matter of a few seconds. • You can use its unique drag-and-drop feature to create appealing data visualizations in a few clicks, providing a user-friendly interface. • It also involves advanced dashboards with interactive modern features. • There are at least 80 predefined dashboard templates catering to various industries. Sisense The main purpose of the BI tool, Sisense, is to gather, analyze, and visualize datasets, irrespective of their size. It is one of the most frequently used dashboard BI tools with an intuitive feature that offers a user-friendly drag-and-drop interface, allowing anyone to use and understand it, including those who are not from an IT background. In Sisense, you need to gather and store data in a singular database that can be accessed for visualization and reporting purposes. Further, you can use the data to build dashboards through various visualization and analytical tools offered by the software. Moreover, you can share reports and dashboards with your team members or other departments within the organization, as well as outside. This allows enterprises to analyze various patterns and build informed business strategies for improvement. munotes.in
Page 103
102 Management Information System
102 Features of Sisense: • Its interactive and user-friendly dashboard provides drag-and-drop features, along with accessible tools. • Since data is centralized here, the time taken for data processing is lesser. • It offers attractive visualizations. • You can use this tool to work on all sizes of datasets with no complications. • This tool also consists of the ETL facility, report and query writer, data warehouses, and customized dashboards. Yellowfin BI Yellowfin BI, one of the best BI tools, is used as an end-to-end analytics platform, combining Machine Learning and data visualization. You can filter tons of data via intuitive filtering features such as radio buttons and checkboxes. Besides, its mobile accessibility feature and flexibility allow you to use, monitor and understand the dashboard from anywhere. Features of Yellowfin BI: • You can easily access the dashboard from anywhere including the Wiki, the company intranet, mobile devices, or the website. • Features like mapping mobile BI assist you to access and monitor the organizational data. • It allows you to make smarter and faster collective decisions. • It offers interactive reports and data-rich presentations that can make your insights more effective and presentable. Power BI Microsoft Power BI is one of the widely-used open-source BI tools that provide an environment for the analysis, integration, and visualization of data. This tool is efficient and effective in assisting organizations to make informed business decisions. Features of Power BI: • Even non-technical users can easily use it to create a Power BI project. • It uses Power Pivot to perform analytical operations, and it is easy to learn unlike the command language of Excel. • Its Power Query feature allows you to load data automatically even from extremely old databases for the report making. • You can also use this software to share reports for free. munotes.in
Page 104
103
Business Intelligence for MIS QlikView QlikView is a trending BI tool that allows you to develop apps, dashboards, and visualizations. Besides, QlikView allows you to get a complete overview of the information available in your data. Features of QlikView: • Its simple feature of drag-and-drop allows you to build interactive and extremely flexible data visualizations. • You can use natural search to navigate and access complex information. • It responds immediately to changes, updates, and interactions. • It supports several file types and data sources. • It provides easy security for content and data across endless devices. • It uses a centralized hub to share relevant data and data analysis, along with apps. Top Business Intelligence Techniques OLAP Online Analytical Processing (OLAP) is an important business intelligence technique, that is used to solve analytical problems with different dimensions. A major benefit of using OLAP is that its multi-dimensional nature provides leniency for users to look at data issues from different views. By doing so, they can even identify hidden problems in the process. OLAP is mainly used to complete tasks like budgeting, CRM data analysis, and financial forecasting. Data Visualization Data is often stored in form of numbers that are put together as a matrix. But interpreting the matrix to make business decisions is a critical task. A commoner, or even an analyst, can find the progress of data when it is stored as a set. To untangle the knot, data visualization is used. Data visualizations help professionals look at data from more than one dimension and help them make informed decisions. Therefore, visualization of data in charts is an easy and convenient way to understand the stance. Data Mining Data mining is the process of analyzing large quantities of data to discover meaningful patterns and rules by automatic or semi-automatic means. In a corporate data warehouse, the amount of data stored is very huge. Finding the actual data that could drive business decisions is quite critical. Therefore, analysts use data mining techniques to unravel the hidden patterns and relationships in data. Knowledge discovery in databases is the whole process of using the database along with any required selection, processing, sub-sampling, choosing the proper way for data transformation. munotes.in
Page 105
104 Management Information System
104 Reporting Reporting in business intelligence represents the whole process of designing, scheduling, generating the performance, sales, reconciliation, and saving the content. It helps companies to effectively gather and present information to stand by the management, planning, and decision-making process. Business leaders get to view the reports at daily, weekly, or monthly intervals as per their needs. Analytics Analytics in Business Intelligence defines the study of data to extract effective decisions and figure out the trends. Analytics is famous among business companies as it lets analysts and business leaders deeply understand the data they have and drive value from it. Many business perspectives, from marketing to call centers to use analytics in different forms. For example, call centers leverage speech analytics to monitor customer sentiments and improve the way answers are presented. Multi-Cloud Following the outbreak of the pandemic and the lockdown that came to effect, companies across the globe started moving their routine working into cloud modes. The rise of cloud technology has greatly impacted many businesses. However, even after the restrictions are lifted, companies still prefer to work over the cloud because of its lenient accessibility and easy-to-use attributes. Moving a step forward, even Research & Development initiatives are being moved to the cloud, thanks to its cost-saving and easy-to-use nature. ETL Extraction-Transaction-Loading (ETL) is a unique business intelligence technique that takes care of the overall data processing routine. It extracts data from storage, transforms it into the processor, and loads it into the business intelligence system. They are mainly used as a transaction tool that transforms data from various sources to data warehouses. ETL also moderates the data to address the need of the company. It improves the quality level by loading it into the end targets such as databases or data warehouses. Statistical Analysis Statistical analysis uses mathematical techniques to create the significance and reliability of observed relations. It also grasps the change of behavior in people that are visible in data with its distribution analysis and confidence intervals. Post data mining, analysts carry out statistical analysis to devise and get effective answers. 7.5 WHY IS BI DEVELOPED? AND HOW IS BI USED? Business intelligence refers to the tools, techniques, strategies, applications and practices businesses employ to collect, integrate, analyze and visualize information. These tools help you make better decisions and drive munotes.in
Page 106
105
Business Intelligence for MIS competitive advantages by leveraging robust predictive analytics capabilities. Understand Customers: With effective business intelligence strategies and practices, businesses can gauge their customers by analyzing their buying patterns and creating robust customer profiles and personas. They help develop better products and rich experiences for their users. One example where organizations leverage the power of BI to understand customers is customer segmentation. Most companies take customer feedback in real time to retain existing customers and approach new ones. Customer segmentation allows marketers to create distinct groups with higher accuracy levels based on what products the customers buy, when they buy, which channels they use to purchase and how often they buy. These segments provide customers with a seamless experience through custom offers, discounts and more. Boost Business Operations Visibility: Organizations that leverage business intelligence have better control and visibility over their processes. It helps them identify and rectify errors or inefficiencies in existing processes. It also allows them to predict unforeseen challenges and act accordingly. Finding out the root cause of a problem and knowing where and why the delays occur can prove useful for a logistics company struggling with late deliveries. This level of insight into business processes can also improve services. Get Actionable Insights: It is important to back your business decisions with sufficient data. BI gives you access to enormous amounts of information to gain valuable insights and make better decisions. Some of these metrics include the percentage of customers abandoning their carts. This data gives you an idea of where customers are dropping off and lets the business take necessary actions to mitigate the cart abandonment rates. Improved Efficiency: Having a robust business intelligence solution in place empowers you to boost the efficiency of your business, improve overall performance and increase revenue. Making data available across all departments reduces the waiting times for report requests and increases the productivity of all teams with self-service capabilities. Data should be available for everyone in the organization. It helps teams stay informed and make data-driven decisions. Access to Real-Time Data: A business intelligence solution provides access to real-time information that reduces the risk of potential errors while preparing critical data reports. Having access to real-time data enables you to monitor the company’s health, detect and address operational inefficiencies, act on short-term market fluctuations and boost customer experiences. Stronger Marketing Efforts: BI solutions let you create marketing campaigns that boost ROI. It provides key metrics, including customer acquisition cost (CAC), cost per lead (CPL), click-through rate (CTR) of campaigns and more. It also enables you to understand employee productivity, revenue, profit margins, sales in specific regions, department-specific performances and more. It can uncover the strengths and munotes.in
Page 107
106 Management Information System
106 weaknesses of business processes and operations. It can also set up alerts to track key metrics that matter most to your business. Provides Competitive Advantages: Business intelligence solutions allow you to understand what your competitors are up to, their strategies, approaches and more. It helps you improve your products and services while providing a seamless customer experience. Moreover, a company that closely monitors its internal processes and systems always stays ahead of the game. Manage and manipulate large amounts of data to perform competitive analysis. Moreover, budgeting, planning and forecasting are powerful ways to stay ahead of the competition. You can track competitors’ sales and marketing performance and learn to differentiate your products and services. Improved Reporting: These systems help you create robust reports while slicing data to uncover hidden insights and trends. These insights help organizations make better decisions and gain an advantage over their competitors with ad hoc reporting capabilities. Monitor KPIs using KPI software by leveraging financial, operations and sales data from different sources. Generate reports in real time to make accurate decisions. Reports consist of easy-to-read visualizations such as tables, charts and graphs. Interactive reports let you play around with different variables and gauge trends, patterns and insights. Identify Market Trends: Leverage external market data to detect sales trends and target regions that qualify for huge profit margins. Analyze customer data and market conditions to identify new markets. Some organizations leverage social media to gauge the market through user comments and feedback. Social media proves to be a valuable source for insights into customer preferences and pain points. Increase Revenue: Leverage BI tools to ask questions about why things happened through making comparisons across various dimensions. Identify sales weaknesses, get customer feedback, analyze competitors and improve operations with the help of BI to boost revenue. Human Resources: Businesses utilize human resources data to perform employee productivity analysis, compensation and payroll tracking, determine upskilling needs, gain useful insights into employee performance and satisfaction and create high-performing organizations. Finance: BI tools provide valuable insights into financial performance. It helps you track quarterly and annual budgets, identify potential issues before they occur and boost organizational health and financial stability. It tracks customer behaviors to prevent fraudulent activities and ensures regulatory compliance while addressing potential insider threats. Sales and Marketing: BI solutions analyze consumer behavior and buying patterns to develop products and services to match their needs. You can create robust visualizations for sales performance, in-depth conversion rates and total revenue analysis. Gauge markets to identify potential selling opportunities and perform competitive analysis to plan future courses of munotes.in
Page 108
107
Business Intelligence for MIS action. View performance and trends of current and past marketing campaigns, a breakdown of cost per lead, return on investment, site traffic analytics and actionable information on marketing dashboards. 7.6 PROCESS OF GENERATION OF BI The development of a business intelligence system can be assimilated to a project, with a specific final objective, expected development times and costs, and the usage and coordination of the resources needed to perform planned activities. Analysis: During the first phase, the needs of the organization relative to the development of a business intelligence system should be carefully identified. This preliminary phase is generally conducted through a series of interviews of knowledge workers performing different roles and activities within the organization. It is necessary to clearly describe the general objectives and priorities of the project, as well as to set out the costs and benefits deriving from the development of the business intelligence system. Design - The second phase includes two sub-phases and is aimed at deriving a provisional plan of the overall architecture, taking into account any development in the near future and the evolution of the system in the midterm Planning - The planning stage includes a sub-phase where the functions of the business intelligence system are defined and described in greater detail. Subsequently, existing data as well as other data that might be retrieved externally are assessed. This allows the information structures of the business intelligence architecture, which consist of a central data warehouse and possibly some satellite data marts, to be designed. Implementation and control: The last phase consists of five main sub-phases. First, the data warehouse and each specific data mart are developed. These represent the information infrastructures that will feed the business intelligence system. In order to explain the meaning of the data contained in the data warehouse and the transformations applied in advance to the primary data, metadata archive should be created.
munotes.in
Page 109
108 Management Information System
108 7.7 MIS AND BI. Business Intelligence (BI) is a modern age technological concept where organizations irrespective of whether big or small invests in these solutions. The reasons for such investments are different based on the business wise specific requirements and industry verticals. The best part that BI offers over MIS is the interactivity function. MIS is just a small part of the entire Business Intelligence (BI) framework. These were especially used for revenue and expense reporting, burdened with inaccuracy, inconsistency and unmanageable complications. Business Intelligence aka BI is a modern age technological idea where organizations irrespective of size invests in these solutions. The reasons for such investments are different based on the business-wise specific requirements and industry verticals. The best part that BI offers over Management Information Systems aka MIS is the interactivity function. MIS is just a small part of the entire BI framework. Traditional MIS systems turn out with imprecision, inconsistency, and unruly complexity. Thus the way the data is collected, stored, compiled and presented to management makes it unfit for analysis and decision making. Limitations of MIS • Conventional MIS furnishes reports and data in an aggregate form • Conventional MIS doesn’t facilitate data massaging between inter-department or cost/profit centres Benefits of Business Intelligence System over conventional MIS. • Uniform, reliable and error-free reports: rather than aggregated reports • Data warehouse/Data lake from multiple systems and software: integrate customer, process, marketing, finance, etc specific data at a single source of truth • Role-specific & row-level security enabled reports: allow access of data to the manager with information relevant to their function/role • Web-based dashboards: prevent access of sensitive data to unauthorized users • Scheduling automated refresh: set alerts and rules to view the latest data and receive reports securely from systems. • Reduction in man-hours (FTE: full-time employee): save a considerable amount of time and efforts switching between teams. munotes.in
Page 110
109
Business Intelligence for MIS 7.8 SELF LEARNING TOPICS: CASE ILLUSTRATION OF BI Conduct a case study on any two of the following topics: 1) How does Netflix use Business Intelligence? 2) New York Shipping Exchange: BI Reduces IT dependency. 3) SKF Bearings: BI Streamlining Manufacturing Process. 4) Starbucks Loyalty card and BI integration. 5) Tesla – connect car wirelessly. 6) Twitter – Use of BI to fight with inappropriate contents. 7) UBER – BI Application in core aspect. 8) Walmart – BI in understanding online customer behaviour. 7.9 SUMMARY Information is considered as the lifeblood of the organization. It plays an important and effective role in managing the day-to-day affairs of a business organization. Business managers at top level and at operational level are generally confronted with complex problems which are emerging as a result of high rate of growth, change in business size, and development in the field of technical, change in consumer’s preferences and change in brand loyalties, intense degree of competition nationally and internationally, and changing government policies and regulations etc.. 7.10 SAMPLE QUESTIONS 1) List different Definitions Business Intelligence as defined by different Authors and researchers? 2) List the various BI tools available. Also explain the features of BI Tools. 3) Explain any five Business Intelligence techniques. 4) Explain the reasons why is BI Developed? 5) Explain the application of BI in business domain? 6) List and explain the different phases in development of BI System. munotes.in
Page 111
110 Management Information System
110 7.11 REFERENCES 1. Management Information Systems- A global digital Enterprise perspective, 5th edition - By W.S.Jawdekar, TMG Publications 2. MIS: Managing Information Systems in Business, Government and Society, 2ed by Rahul De, Wiley 3. Management Information System, James O‘Brien, 7th edition, TMH 4. Management Information Systems, Loudon and Loudon, 11th edition, Pearson. munotes.in
Page 112
111 8 MANAGING INFORMATION SYSTEMS AND INFORMATION TECHNOLOGY INFRASTRUCTURE Unit Structure 8.1 Objectives 8.2 Introduction 8.3 Managing Information System 8.3.1 Challenges of Managing the IT Function 8.3.2 Vendor Management 8.3.3 IT Governance 8.4 Information Technology Infrastructure and Choices. 8.4.1 What is the IT Infrastructure? 8.4.2 IT Infrastructure Decisions 8.4.3 Infrastructure Components 8.4.4 Networks 8.5 Self Learning Topics: Case Study of Managing Information System 8.6 Summary 8.7 Practice Questions 8.8 References 8.1 OBJECTIVES To make you understand the role of information technology in an organization. To understand the leadership role of Management Information Systems in achieving business competitive advantage through informed decision making. To analyze and synthesize business information and systems to facilitate evaluation of strategic alternatives. To effectively communicate strategic alternatives to facilitate decision making. 8.2 INTRODUCTION MIS Meaning: A management information system is an acronym of three words, viz., Management, information, system. In order to fully understand the term MIS, let us try to understand these three words. munotes.in
Page 113
112 Management Information System
112 1. Management: Management is the art of getting things done through and with the people in formally organised groups. 2. Information: Information is data that is processed and is presented in a form which assists decision-making. It may contain an element of surprise, reduce uncertainty or provoke a manager to initiate an action. 3. System: A system is an orderly grouping of interdependent components linked together according to a plan to achieve a specific goal. The term system is the most loosely held term in management literature because of its use in different contexts. MIS is the Study of People, Technology and Organizations. 8.3 MANAGING INFORMATION SYSTEM: 8.3.1 Challenges of Managing the IT Function 1. Lack of Powerful Computing Platforms The major challenge in growing processing power of computers has been the lack of energy and space to power supercomputers. IT managers have always been on the lookout for better and faster systems which will help in the faster processing of the large amounts of data available today. 2. Data Acquisition Problems Firewalls which protect emails, applications and web browsing can cause important packet losses in the TCP/IP networks. This can result in important data loss and reduce the network speeds considerably, making the online collaboration impossible. Similar losses can occur due to the switches and routers which do not have the required high-speed memory. 3. Compute Management and Provisioning One of the biggest challenges for IT managers is the humongous amounts of data that is available today. High-performance computing of these large data sets will require virtualization and automation to avoid adding more people to these processes. The major challenge for IT managers is to simplify these tasks and speed up the processing. 4. Lack of Efficient Data Storage Architectures Cloud storage has taken over in most of the cases in the modern world. Though it is a cost-effective and scalable alternative for data storage for IT managers, it does not provide the required data storage architectures which can accommodate a variety of applications. The IT community needs something more flexible which is beyond space and cost in cloud storage options. munotes.in
Page 114
113
Managing Information
Systems and Information
Technology Infrastructure 5. Dearth of Ways to Improve Data Analytics Currently there are not many methods in place which can be used by IT managers to separate quality data from the humongous data sets. It is important to identify patterns in the data and correctly analyze it and use it to take business decisions in infrastructure management. 6. Improper Networks and Connectivity For any organization to work smoothly, it is important that there is a good and reliable network in place. Without a reliable network connection, IT infrastructure management can be a difficult task for any IT manager of the organization. New software-based methods and network architecture design are required for the optimization of data. 7. Decreased performance levels In a fiercely competitive business environment, companies expect their employees to perform their best and meet their productivity goals. While it is common for employees to go through periods of time where they are less productive and motivated, there are ways to help them feel motivated again. If left unresolved, a decrease in productivity can affect the performance of other team members and overall project goals. 8. Hiring skilled employees Making the right hiring decisions is crucial for the long-term success of a business. Apart from the right skills and experience, managers look for people who can fit in with the company culture. The team can benefit from new employees who can settle in quickly and do not require extensive guidance. A wrong hiring decision can negatively impact your team's morale. If some employees constantly fail to handle their assigned tasks, it could affect the team's overall performance and result in friction within the team. 9. Poor communication and Team Work Another challenge that managers face when overseeing teams is ensuring effective communication. Because every team member has a different personality, there is a chance for miscommunication from time to time. Communication problems can escalate and affect work relationships and productivity. A lack of cohesiveness in a team can cause several managerial issues. The team might have poor communication or face trouble working well together. Some team members may focus more on completing their specific tasks and less on collaborating with the rest of the team. This can have a detrimental effect on a project's progress and can even affect the company's long-term business interests. 10. Time management Managers are in charge of ensuring that the team completes their work on schedule. If the team falls behind, it might affect other planned schedules and the company's business interests. This can create stress within the team and lead to poor productivity or work quality. In their munotes.in
Page 115
114 Management Information System
114 rush to finish the project, the employees might lose their focus and make mistakes, resulting in revisions and more delays. 11. Retaining high performers Employees with specialised skills are in demand across industries. It is part of a manager's job to make an effort to retain these high performers. Otherwise, they are likely to move on to other companies where they are better appreciated. Staff retention is one of the most pressing issues in management. 8.3.2 Vendor Management Vendor management is a term that describes the processes organizations use to manage their suppliers, who are also known as vendors. Vendor management includes activities such as selecting vendors, negotiating contracts, controlling costs, reducing vendor-related risks and ensuring service delivery. The vendors used by a company will vary considerably depending on the nature of the organization, and could include companies as diverse as seafood suppliers, IT vendors, cleaners and marketing consultants. Vendors can also range in size from sole traders to large organizations. Companies may use a vendor management strategy to ensure vendor relationships deliver the intended value, with efficient processes. A strategy may include areas such as setting out clear and quantifiable goals, tracking KPIs and building and maintaining effective relationships with vendors. Companies may also classify their suppliers in order to identify their strategic vendors and invest in strengthening those relationships. Other considerations may include taking steps to avoid relying too heavily on a particular vendor. Vendor management process The vendor management process includes a number of different activities, such as: • Selecting vendors. The vendor selection process includes researching and sourcing suitable vendors and seeking quotes via requests for quotation (RFQs) and requests for proposal (RFPs), as well as shortlisting and selecting vendors. While price will inevitably be a consideration during the selection process, companies will also need to evaluate other factors when deciding which vendors to appoint for a particular contract, such as a vendor’s reputation, capacity and track record, as well as the vendor’s ability to communicate effectively. • Contract negotiation. It’s important to get the contract right at the outset and to ensure the terms agreed benefit both parties. Negotiating a contract can take time, and the process will include defining the goods or services that will be included, the start and end dates of the arrangements and all essential terms and conditions. Attention may also need to be paid to areas such as confidentiality and non-compete clauses. munotes.in
Page 116
115
Managing Information
Systems and Information
Technology Infrastructure • Vendor onboarding. This will involve gathering the documentation and information needed to set the vendor up as an approved supplier to the company and ensure that the vendor can be paid for the goods or services they provide. As well as essential contact and payment information, the onboarding process may also include information such as relevant licenses held by the vendor, as well as tax forms and insurance details. • Monitoring vendor performance. As part of the vendor management process, companies will monitor and evaluate the performance of their vendors. This may include evaluating their performance against key performance indicators (KPIs) such as quality and volume of goods or delivery dates. • Monitoring and managing risk. Vendors should be monitored for risks that could impact the company, such as the risk of compliance breaches, lawsuits, data security issues and loss of intellectual property. Companies will also need to monitor the risk that a vendor’s actions or a failure to provide goods and services as agreed may result in disruption to the company’s operations. • Payment. Ensuring vendors are paid on time for the goods and services they provide, in line with the agreed terms. 8.3.3 IT Governance IT governance is the alignment of leadership, organizational structures, and processes to actualize and sustain the organizational objectives through the use of IT. The need for IT governance is felt because the interests of the organization and those managing the IT systems can be at odds or in other words, there is a conflict between these two imperatives. Thus, IT governance is needed to ensure that the IT systems are doing their assigned duty and that the objectives of the CEO and the CIO are the same. Indeed, it can be said that IT governance includes all the key stakeholders in the organization starting with the executive management and the boards and including the staff, customers, and other stake holders. It also needs to be mentioned that corporate governance and IT governance must not be viewed in isolation but must act and move in tandem. IT governance is a subset of corporate governance and that both must be framed in a mutually dependent manner. the objectives of IT governance can be summed up as assuring the creation of value through the use of IT; oversight of the management’s performance; mitigation of the risks associated with the use of IT; and a general tendency to have oversight over the IT systems so that there is alignment between the organizational goals and the goals of the IT systems. The key reasons why organizations use the IT frameworks are to ensure that they use the IT systems in an efficient and effective manner. Further, risk mitigation and performance management are key business imperatives, which the organization must follow so that there are no surprises for its operations and that the business objectives are being met. munotes.in
Page 117
116 Management Information System
116 8.4 INFORMATION TECHNOLOGY INFRASTRUCTURE AND CHOICES: 8.4.1 What is the IT Infrastructure? Technology powers nearly every aspect of today’s businesses, from an individual employee’s work to operations to goods and services. When properly networked, technology can be optimized to improve communication, create efficiencies and increase productivity. IT infrastructure refers to the composite hardware, software, network resources and services required for the existence, operation and management of an enterprise IT environment. IT infrastructure allows an organization to deliver IT solutions and services to its employees, partners and/or customers and is usually internal to an organization and deployed within owned facilities. If an IT infrastructure is flexible, reliable and secure, it can help an enterprise meet its goals and provide a competitive edge in the market. Alternatively, if an IT infrastructure isn’t properly implemented, businesses can face connectivity, productivity and security issues—like system disruptions and breaches. Overall, having a properly implemented infrastructure can be a factor in whether a business is profitable or not. With an IT infrastructure, a company can: • Provide a positive customer experience by providing uninterrupted access to its website and online store. • Develop and launch solutions to market with speed. • Collect data in real time to make quick decisions. • Improve employee productivity. 8.4.2 IT Infrastructure Decisions In order for IT organizations to efficiently deliver on their objectives to provide reliable computing services to the business, IT organizations must provide the services in a repeatable and predictable manner. This leads to the definition and creation of a variety of best practices. Best practices can include a combination of how people interact with the process, decision making steps, and leveraging technology to invoke a variety of tasks -people, process, and technology. These best practices are readily implemented as flows within the Decisions Workflow Automation Platform. What’s driving your IT infrastructure purchase? Nearly half of new infrastructure purchases are refreshing or replacing older infra, the other half are powering a new project or adding capacity. No matter which category you fall into, your choices on how to architect a solution are significantly more robust than they were just five years ago. According to munotes.in
Page 118
117
Managing Information
Systems and Information
Technology Infrastructure IDC, the average lifecycle of an x86 server is 4-5 years. Considering the hardware, software and technology advances, how do you evaluate which architecture will not only power your applications but also reduce IT complexity and ensure you are maximizing your per core licensing expenses? Getting your IT infrastructure right is one of the most important decisions an organization can make for a company. It can increase efficiency and productivity, help you take advantage of business opportunities, and improve the user experience for customers and employees. Getting it wrong also has consequences. You can add new levels of frustration for everyone, lose business, and prevent the company from competing the way it should. It becomes a speed limit on your path to success, and an obstacle to productivity. And at its worst, it can be the reason the business fails. But it doesn’t have to be that way. Companies make better IT decisions and overcome the three key stumbling blocks. Once an organization has their baseline and some level of benchmarking, they often look at optimizing the cost:performance efficiency by moving some of their workloads or applications to alternative infrastructures, internally or externally. But which infrastructure options are going to best meet your needs? Here are the four key questions to answer to improve your infrastructure decision-making: 1. What are my costs now? As we’ve discussed in previous baselining blogs, it’s critical to understand your existing unit cost efficiency based on your current infrastructure capacity, consumption patterns and costs. 2. What could the costs be? You need an apples-to-apples comparison of your costs to other options in the market, whether that’s additional on-premise infrastructure, a cloud service provider, or a hybrid of the two. 3. What is everyone else paying? Ideally you’d like to know what others in the market are paying. Not the list prices, but what do other organizations like yours actually pay and what is their infrastructure cost efficiency. 4. What are my costs after I make a move? Once you know all the of the above information and you make a decision to optimize your infrastructure footprint in some way, after that change is made you need the ability to track forecast-to-actual cost efficiency. In other words, am I improving as expected, and what are the next steps for further improvement (or additional course correction)? Deciding what type of IT infrastructure is right for your company can be deceptively difficult. While one option might have initial appeal, a careful analysis might reveal better choices. It’s important to give consideration to a number of factors before making a final decision. Some of those factors include: munotes.in
Page 119
118 Management Information System
118 1. Business plan. What is the company trying to accomplish specifically? As a growing company (or a market leader), what type of infrastructure would put you in the best position to succeed? How would a different type of format help you accomplish your goals faster, and how would you overcome the drawbacks? 2. Employee feedback. It’s important to get input from the people who will be using your IT infrastructure on a daily basis. What’s limiting them today, and what would help them do their job better? What technology frustrations could be solved with a different or updated approach? You might find that their concerns reveal challenges that weren’t considered at the executive level. Consulting with favored clients or vendors could be beneficial as well. If they’re impacted by your IT decisions, their outside view might reveal missed opportunities or obstacles your team hadn’t considered. 3. Existing IT assets. Assessing your needs involves assessing what you already have. If you’ve already made a significant hardware investment, abandoning it entirely would be a costly and wasteful decision. But if you’re starting from scratch, or you know your IT assets are lacking, you have more freedom to go in a new direction. Incorporating what you have into a new plan (if possible) would be an efficient way to expand your opportunities while making the most of existing resources. 8.4.3 Infrastructure Components The components of IT infrastructure are made up of interdependent elements, and the two core groups of components are hardware and software. Hardware uses software—like an operating system—to work. And likewise, an operating system manages system resources and hardware. Operating systems also make connections between software applications and physical resources using networking components. Hardware Hardware components can include: • Desktop computers • Servers • Data centers • Hubs • Routers • Switches • Facilities Software Software components can include: • Content management systems (CMS) • Customer relationship management (CRM) munotes.in
Page 120
119
Managing Information
Systems and Information
Technology Infrastructure • Enterprise resource planning (ERP) • Operating systems ● Web servers Facilities Facilities or physical plants provide space for networking hardware, servers and data centers. It also includes the network cabling in office buildings to connect components of an IT infrastructure together. Network Networks are comprised of switches, routers, hubs and servers. Switches connect network devices on local area networks (LAN) like routers, servers and other switches. Routers allow devices on different LANs to communicate and move packets between networks. Hubs connect multiple networking devices to act as a single component. Server A core hardware component needed for an enterprise IT infrastructure is a server. Servers are essentially computers that allow multiple users to access and share resources. Server room/data center Organizations house multiple servers in rooms called server rooms or data centers. Data centers are the core of most networks. 8.4.4 Networks A computer network is a communications system connecting two or more computers that work to exchange information and share resources (hardware, software and data). A network may consist of microcomputers, or it may integrate microcomputers or other devices with larger computers. Networks may be controlled by all nodes working together equally or by specialized nodes coordinating and supplying all resources. Networks may be simple or complex, self-contained or dispersed over a large geographical area. Network architecture is a description of how a computer is set-up (configured) and what strategies are used in the design. The interconnection of PCs over a network is becoming more important especially as more hardware is accessed remotely and PCs intercommunicate with each other. Different communication channels allow different types of networks to be formed. Telephone lines may connect communications equipment within the same building. Coaxial cable or fiber-optic cable can be installed on building walls to form communication networks. You can also create your own network in your home or apartment. Communication networks also differ in geographical size. Three important networks according to geographical size are LANs, MANs and WANs. munotes.in
Page 121
120 Management Information System
120 Local Area Network (LAN) A LAN allows all users to share hardware, software and data on the network. Minicomputers, mainframes or optical disk storage devices can be added to the network. Metropolitan Area Network (MAN) Metropolitan Area Network (MAN) A MAN is a computer network that may be citywide. This type of network may be used as a link between office buildings in a city. The use of cellular phone systems expand the flexibility of a MAN network by linking car phones and portable phones to the network. Wide Area Networks (WAN) Wide Area Networks (WAN) A WAN is a computer network that may be countrywide or worldwide. It normally connects networks over a large physical area, such as in different buildings, towns or even countries. A modem connects a LAN to a WAN when the WAN connection is an analogue line. For a digital connection a gateway connects one type of LAN to another LAN, or WAN, and a bridge connects a LAN to similar types of LAN. This type of network typically uses microwave relays and satellites to reach users over long distances. The widest of all WANs is the Internet, which spans the entire globe. Network protocols Protocols are the set of conventions or rules for interaction at all levels of data transfer. They have three main components: • Syntax – data format and signal types • Semantics – control information and error handling • Timing – data flow rate and sequencing Numerous protocols are involved in transferring a single file even when two computers are directly connected. The large task of transferring a piece of data is broken down into distinct sub tasks. There are multiple ways to accomplish each task (individual protocols). The tasks are well described so that they can be used interchangeably without affecting the overall system. munotes.in
Page 122
121
Managing Information
Systems and Information
Technology Infrastructure Internet The Internet is a giant worldwide network. The Internet started in 1969 when the United States government funded a major research project on computer networking called ARPANET (Advanced Research Project Agency NETwork). When on the Internet you move through cyberspace. Cyberspace is the space of electronic movement of ideas and information. The web provides a multimedia interface to resources available on the Internet. It is also known as WWW or World Wide Web. The web was first introduced in 1992 at CERN (Centre for European Nuclear Research) in Switzerland. Prior to the web, the Internet was all text with no graphics, animations, sound or video. 8.5 SELF LEARNING TOPICS: CASE STUDY OF MANAGING INFORMATION SYSTEM 1. Management Information System at Dell – https://www.mbaknol.com/management-information-systems/case-study-management-information-system-at-dell/ 2. MIS Project Harvard Case Solution & Analysis https://www.thecasesolutions.com/mis-project-142261 3. Management Information System: Case Study of Amazon.Com https://www.academia.edu/34174509/Management_Information_System_Case_Study_of_Amazon_Com 4. Nestle Management Information System Case Study https://www.studypool.com/documents/1331576/nestle-management-information-system-case-study-questions 5. Case Study on MIS: Information System in Restaurant https://www.mbaknol.com/management-information-systems/case-study-on-mis-information-system-in-restaurant/ 8.6 SUMMARY Information is considered as the lifeblood of the organization. It plays an important and effective role in managing the day-to-day affairs of a business organization. Business managers at top level and at operational level are generally confronted with complex problems which are emerging as a result of high rate of growth, change in business size, and development in the field of technical, change in consumer’s preferences and change in brand loyalties, intense degree of competition nationally and internationally, and changing government policies and regulations etc.. munotes.in
Page 123
122 Management Information System
122 8.7 PRACTICE QUESTIONS 1. Define Management Information System. Explain in what way MIS helps an organization. 2. What are the challenges of managing IT functions in an organization? Explain in details. 3. Explain the importance of Vendor management in MIS. 4. Explain the step by step process of vendor management. 5. Write a note on IT Governance. 6. What is IT Governance? 7. What is the process of IT infrastructure decision making? 8. Explain the different components of IT Infrastructure. 9. Write a short note on computer networks. 10. Prepare a case study on MIS in any one of the following: i. Financial MIS ii. Marketing MIS iii. Sales and Marketing iv. Accounting and Finance v. Human Resources vi. Office Automation/Enterprise Collaboration 8.8 REFERENCES 1. Management Information Systems- A global digital Enterprise perspective, 5th edition - By W.S.Jawdekar, TMG Publications 2. MIS: Managing Information Systems in Business, Government and Society, 2ed by Rahul De, Wiley 3. Management Information System, James O‘Brien, 7th edition, TMH 4. Management Information Systems, Loudon and Loudon, 11th edition, Pearson. munotes.in
Page 124
123 9 INFORMATION SECURITY AND THREATS Unit Structure 9.0 Objectives 9.1 Information Security 9.1.1 Introduction 9.1.2 Principles of Information Security 9.1.3 Information Security vs Cyber Security 9.2 Threats and Vulnerability 9.2.1 Introduction 9.2.2 Information Security Concerns 9.3 Controlling Security Threat and Vulnerability 9.4 Managing Security Threat in E-Business 9.5 Measures of Information Security 9.6 Information Security Management 9.0 OBJECTIVES Learning Objectives: This is to make the students familiar with various concerns of information security that prevails in both local and global network environment. Learning Outcomes: Students will be aware of the various information security concerns and challenges prevailing in an organisation at local and global network level. 9.1 INTRODUCTION The term 'information security' means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction to provide integrity, confidentiality, and availability. Information security, sometimes abbreviated to infosec or data security, is a set of practices followed to ensure data security and prevent unauthorized access or alterations, during storage as well as transmission from one physical system to another. munotes.in
Page 125
124 Management Information System
124 As the importance of knowledge is increasing in the 21st century's, all efforts to keep information secure have correspondingly become increasingly important. PRINCIPLE OF INFORMATION SECURITY -CIA Triad Confidentiality Confidentiality is about preventing an unauthorised user to access the information. The purpose of the confidentiality principle is to keep personal information private and to ensure that it is visible and accessible only to those individuals who own it or need it to perform their organizational functions. Integrity Integrity is about keeping the information consistent which includes protection against unauthorized changes (additions, deletions, alterations, etc.) to data. This principle ensures that data is accurate and reliable and is not modified whether accidentally or maliciously. Availability Availability is about making the system available to the authorised users whenever required. The purpose of availability is to make the technology infrastructure, the applications, and the data available when they are needed for an organizational process or for an organization’s customers. Information Security vs Cybersecurity Information security includes Cybersecurity as a subcategory. Information security is a broad field that covers many areas such as physical security, endpoint security, data encryption, and network security. It is also closely related to information assurance, which protects information from threats such as natural disasters and server failures. Cybersecurity primarily addresses technology-related threats, with practices and tools that can prevent or mitigate them. Another related category is data security, which focuses on protecting an organization’s data from accidental or malicious exposure to unauthorized parties. They can be summarised as follows: - • Value of Data: Infosec and Cybersec both are aiming to protect is the value of data. Data that is more valuable to you and your organization should have the highest levels of protection. Cyber security tries to safeguard your organization’s commercial information and protect IT systems from digital hacking activities that could result in valuable data being accessed. Infosec is aimed at protecting the value of your company’s information assets from any type of threat, digital or not. munotes.in
Page 126
125
Information Security
and Threats • Security professional priorities: Cybersecurity professionals are most concerned with preventing active threats, such as hacking attempts and viruses. On the other hand, infosec professionals have a broader remit, including policies, procedures, and organizational roles and responsibilities to ensure confidentiality, integrity, and availability. • Focus of infosec vs cybersec: Cyber security focuses on establishing protection from digital threats arising outside the organization. Information security focuses on implementing policies and procedures to protect the confidentiality, integrity, and availability of all types of information asset. • Threats: Cyber security is only concerned with cyber threats. Information security is concerned with threats of all types. 9.2 INFORMATION SECURITY THREATS AND VULNERABILITIES Introduction The word ‘threat’ and ‘vulnerability’ are often used interchangeably but they are not the same. A threat is a person or event that has the potential for impacting a valuable resource adversely. A vulnerability is that quality of a resource or its environment that allows the threat to be realized. An armed bank robber is an example of a threat. A bank teller is an example of a valuable resource that may be vulnerable during a bank robbery. Bullet-proof glass between the robber and the teller denies the robber the opportunity to shoot the teller. The threat remains present, but one of its harmful effects (a gun shot) has been mitigated by a protection mechanism (the glass). A vulnerability refers to a known as a loophole of an asset (resource) that can be exploited by one or more attackers. In other words, it is a known issue that allows an attack to succeed. For example, when a team member resigns and you forget to disable their access to external accounts, change logins, or remove their names from company credit cards, this leaves your business open to both intentional and unintentional threats. However, most vulnerabilities are exploited by automated attackers and not a human typing on the other side of the network. Information Security threats can be many like Software attacks, theft of intellectual property, identity theft, theft of equipment or information, sabotage, and information extortion. Threat can be anything that can take advantage of a vulnerability to breach security and negatively alter, erase, harm object or objects of interest. munotes.in
Page 127
126 Management Information System
126 Software attacks means attack by Viruses, Worms, Trojan Horses etc. Many users believe that malware, virus, worms, bots are all same things. But they are not same, only similarity is that they all are malicious software that behaves differently. Malware is a combination of 2 terms- Malicious and Software. So, Malware basically means malicious software that can be an intrusive program code or anything that is designed to perform malicious operations on system. Malware can be divided in 2 categories: 1. Infection Methods 2. Malware Actions Malware on the basis of Infection Method is classified into following: 1. Virus – They have the ability to replicate themselves by hooking them to the program on the host computer like songs, videos etc and then they travel all over the Internet. The Creeper Virus was first detected on ARPANET. Examples include File Virus, Macro Virus, Boot Sector Virus, Stealth Virus etc. 2. Worms – Worms are also self-replicating in nature, but they don’t hook themselves to the program on host computer. Biggest difference between virus and worms is that worms are network aware. They can easily travel from one computer to another if network is available and on the target machine, they will not do much harm, they will, for example, consume hard disk space thus slowing down the computer. 3. Trojan – The Concept of Trojan is completely different from the viruses and worms. The name Trojan is derived from the ‘Trojan Horse’ tale in Greek mythology, which explains how the Greeks were able to enter the fortified city of Troy by hiding their soldiers in a big wooden horse given to the Trojans as a gift. The Trojans were very fond of horses and trusted the gift blindly. In the night, the soldiers emerged and attacked the city from the inside. Their purpose is to conceal themselves inside the software that seem legitimate and when that software is executed, they will do their task of either stealing information or any other purpose for which they are designed. They often provide backdoor gateway for malicious programs or malevolent users to enter your system and steal your valuable data without your knowledge and permission. Examples include FTP Trojans, Proxy Trojans, Remote Access Trojans etc. Bots –: can be seen as advanced form of worms. They are automated processes that are designed to interact over the internet without the need for human interaction. They can be good or bad. Malicious bot can infect one host and after infecting creates connection to the central server which will provide commands to all infected hosts attached to that network called Botnet. munotes.in
Page 128
127
Information Security
and Threats Malware classified on the basis of Actions: • Theft of intellectual property means violation of intellectual property rights like copyrights, patents etc. • Identity theft means to act someone else to obtain person’s personal information or to access vital information they have like accessing the computer or social media account of a person by login into the account by using their login credentials. • Theft of equipment and information is increasing these days as the devices are portable today and the information capacity is increasing. • Sabotage means destroying company’s website to bring losses to organisation by preventing transactions and also affecting the confidence of the customer on the company thereby impacting the overall goodwill of an organisation. • Information extortion means theft of company’s property or information to receive payment in exchange. For example, ransomware may lock victims file making them inaccessible thus forcing victim to make payment in exchange. Only after payment victim’s files will be unlocked. Information Security Concerns Security Concerns can be classified into the following four concerns Environmental concerns include undesirable site-specific chance occurrences such as lightning, dust and sprinkler activation. Examples of Environmental (Unknown or Unforeseen circumstances or contingency) • Fire • Flood • Tsunami • Earthquake • Volcanic Eruptions • Lightning • Severe Weather • Smoke • Dust • Insects • Rodents • Chemical Fumes • Sprinkler Activation • Water Leakage - pipe breakage, hole in roof, condensation munotes.in
Page 129
128 Management Information System
128 • Explosion - nearby gas line, chemical plant, tank farm, munitions depot • Vibration - nearby railroad track, jet traffic, construction site • Electromagnetic Interference - suggested by poor radio reception or jittery workstation displays • Electrostatic Discharge - suggested by "sparking" to grounded objects Physical concerns include undesirable site-specific personnel actions, either intentional or unintentional, such as theft, vandalism and trip hazards. Example of Physical (undesirable site-specific personnel actions) • Unauthorized Facility Access • Theft • Vandalism • Sabotage • Extortion • Terrorism / Bomb Threat • Labor Unrest - employees and support contractors • War / Civil Unrest • Improper Transportation - equipment dropped, submerged, exposed to weather or X-rayed in transit • Improper Mounting/Storage - equipment exposed to bumps, kicks or weather • Spillage / Droppage - hazardous materials permitted near equipment (e.g. food, liquids) • Magnets / Magnetic Tools - can erase data or damage sensitive equipment • Collision - fork lift, auto, plane, wheelchair • Trip Hazards / Falls - equipment poses personnel hazards • Fire Hazards - flammable materials stored nearby Site-Support concerns include foundational site aspects such as electrical power, telephone service and climate control. These three categories of concerns are generally not resolvable as part of system design and administration - they are more appropriately addressed as part of facility design and maintenance, thereby encompassing all systems present. munotes.in
Page 130
129
Information Security
and Threats Example of Site-Support • Power Outage • Extreme / Unstable Temperatures • Extreme / Unstable Humidity • Unsafe Environment - unfit for human occupation • Facility Inaccessibility - blocked ingress • Inability to Cut Power - during fire, flood, etc. • Electrical Noise / Bad Ground - suggested by flickering lights or jittery workstation displays • Improper Maintenance - unqualified support or preventive maintenance behind schedule • Personnel Unavailability - inability to contact operations or support personnel • Telephone Failure - inability to contact site from outside, inability to call out, service completely unavailable • Inappropriate Fire Suppression - water, foam, PKP, Halon • Inappropriate Trash Disposal - sensitive data released in an unauthorized manner Technical concerns, includes insidious system-specific situations such as improper system operation, malicious software and line tapping. The actual threats are few: untrained and nefarious users and system calamities. It is far more useful to explore the many avenues (vulnerabilities) open to these users and events, and to consider ways to prevent these occurrences and/or provide for rapid recovery. Example of Technical concerns • Improper / Inadequate Procedure - foreseeable events not supported by complete and accurate documentation and training • Improper Operation - operating equipment beyond capacity or outside of manufacturer's constraints • Improper Hardware Configuration - prescribed hardware configured in other than the prescribed manner during installation • Improper Software Configuration - prescribed software configured in other than the prescribed manner during installation • Unauthorized Hardware / Modification - adding other-than-prescribed hardware or making unauthorized hardware modifications munotes.in
Page 131
130 Management Information System
130 • Unauthorized Software / Modification - adding other-than-prescribed software or making unauthorized software modifications • Unauthorized Software Duplication - creating copies of licensed software that are not covered by a valid license • Unauthorized Logical Access - acquiring the use of a system for which no access has been authorized (as opposed to gaining physical access to the hardware) • Malfeasance (exceeding authorizations) - acquiring the use of a system in excess of that which has been authorized • Unsanctioned Use / Exceeding Licensing - utilizing authorized system resources for unauthorized purposes (resume, church bulletin, non-job-related e-mail or Internet browsing) or exceeding a user licensing agreement • Over- or Under-Classification - labeling of a resource at a higher or lower level of sensitivity than appropriate • Malicious Software - software whose purpose is to degrade system performance, modify or destroy data, steal resources or subvert security in any manner • Hardware Error / Failure [functionality] - hardware that stops providing the desired user services/resources • Hardware Error / Failure [security] - hardware that stops providing the desired security services/resources • Software Error / Failure [functionality] - software that stops providing the desired user services/resources • Software Error / Failure [security] - software that stops providing the desired security services/resources • Media Failure - storage media that stops retaining stored information in a retrievable/intact manner • Data Remanence - storage media that retains stored information in a retrievable/intact manner longer than desired (failure to totally erase) • Object Reuse - a system providing the user with a storage object (e.g. memory or disk space) that contains useful information belonging to another user • Communications Failure / Overload - a communications facility that stops providing service or is unable to provide service at the requested capacity • Communications Error - a communications facility that provides inaccurate service munotes.in
Page 132
131
Information Security
and Threats • Data Entry Error - a system accepting erroneous data as legitimate • Accidental Software Modification / Deletion - deleting or otherwise making unavailable necessary software • Accidental Data Modification / Deletion - deleting or otherwise making unavailable necessary data • Accidental Data Disclosure - inadvertently revealing sensitive data to an unauthorized user • Repudiation - participating in a process or transaction but then denying of having done so • Masquerading - participating in a process or transaction but posing as another user • Message Playback - recording a legitimate transmission for retransmission at a later time in an attempt to gain unauthorized privileges • Message Flooding - generating an inordinately large quantity of transmissions in an attempt to make a system or service unavailable due to overload • Line Tapping - connecting to a communications facility in an unauthorized manner in an attempt to glean useful information • Electronic Emanations - information-bearing spurious emissions associated with all electronic equipment (prevented by TEMPEST equipment or shielding) • Geo-location - a system inadvertently revealing the current physical location of a user • Security Threats/Concerns can also be categorised as follows: - • Natural threats, such as floods, hurricanes, or tornadoes • Unintentional threats, like an employee mistakenly accessing the wrong information • Intentional threats, such as spyware, malware, adware companies, or the actions of a disgruntled employee Common Threats Unsecure or Poorly Secured Systems Legacy systems(old systems) are always at the risk as they are not immune to the latest loopholes and threats available. Organizations must identify these poorly secured systems, and mitigate the threat by securing or patching them, decommissioning them, or isolating them. munotes.in
Page 133
132 Management Information System
132 Social Media Attacks Many people have social media accounts, where they often unintentionally share a lot of information about themselves. Attackers can launch attacks directly via social media, for example by spreading malware via social media messages, or indirectly, by using information obtained from these sites to analyze user and organizational vulnerabilities and use them to design an attack. Social Engineering/Phishing Attacks Social engineering involves attackers sending emails and messages that trick users into performing actions that may compromise their security or divulge private information. Attackers manipulate users by addressing the subject of the mail as urgent, important or other any fear title. Because the source of a social engineering message appears to be trusted, people are more likely to comply, for example by clicking a link that installs malware on their device, or by providing personal information, credentials, or financial details. Malware on Endpoints Organizational users work with a large variety of endpoint devices, including desktop computers, laptops, tablets, and mobile phones, many of which are privately owned and not under the organization’s control, and all of which connect regularly to the Internet.A primary threat on all these endpoints is malware, which can be transmitted by a variety of means, can result in compromise of the endpoint itself, and can also lead to privilege escalation to other organizational systems. Different malwares that affect the target’s systems in a different ways are as follows:- 1. Adware – Adware is not exactly malicious but they do breach privacy of the users. They display ads on a computer’s desktop or inside individual programs. They come attached with free-to-use software, thus main source of revenue for such developers. They monitor your interests and display relevant ads. An attacker can embed malicious code inside the software and adware can monitor your system activities and can even compromise your machine. 2. Spyware – It is a program or we can say software that monitors your activities on computer and reveal collected information to an interested party. Spyware are generally dropped by Trojans, viruses or worms. Once dropped they install themselves and sits silently to avoid detection. One of the most common example of spyware is KEYLOGGER. The basic job of keylogger is to record user keystrokes with timestamp. Thus capturing interesting information like username, passwords, credit card details etc. 3. Ransomware – It is type of malware that will either encrypt your files or will lock your computer making it inaccessible either munotes.in
Page 134
133
Information Security
and Threats partially or wholly. Then a screen will be displayed asking for money i.e. ransom in exchange. This malicious software is designed to encrypt the victim’s data storage drives, rendering them inaccessible to the owner. If the ransom demand isn’t met, the key will be deleted and the data lost forever with it. 4. Scareware – It masquerades as a tool to help fix your system but when the software is executed it will infect your system or destroy it. The software will display a message to frighten you and force to take some action like pay them to fix your system. 5. Rootkits – are designed to gain root access or we can say administrative privileges in the user system. Once gained the root access, the exploiter can do anything from stealing private files to private data. 6. Zombies – They work similar to Spyware. Infection mechanism is same but they don’t spy and steal information rather they wait for the command from hackers. Trojans. This references a kind of delivery system for malware. A Trojan is any piece of malware that masquerades as a legitimate program to trick victims into installing it on their systems. Trojans can do a lot of damage because they slip behind your outermost network security defenses by posing as something harmless while carrying a major threat inside—like a certain infamous horse did to the city of Troy in Homer’s “Iliad.” Worms. Worms are programs that can self-replicate and spread through a variety of means, such as emails. Once on a system, the worm will search for some form of contacts database or file sharing system and send itself out as an attachment. When in email form, the attachment is part of an email that looks like it’s from the person whose computer was compromised. Denial of service (DOS) attack occurs when hackers deluge a website with traffic, making it impossible to access its content. A distributed denial of service (DDOS) attack is more forceful and aggressive since it is initiated from several servers simultaneously. As a result, a DDOS attack is harder to mount defenses against it. SQL injections are network threats that involve using malicious code to infiltrate cyber vulnerabilities in data systems. As a result, data can be stolen, changed, or destroyed. Man-in-the-middle attacks involve a third party intercepting and exploiting communications between two entities that should remain private. Eavesdropping occurs, but information can be changed or misrepresented by the intruder, causing inaccuracy and even security breaches. Lack of Encryption Encryption processes encode data so that it can only be decoded by users with secret keys. It is very effective in preventing data loss or corruption in case of equipment loss or theft, or in case organizational systems are compromised by attackers. Unfortunately, this measure is often overlooked munotes.in
Page 135
134 Management Information System
134 due to its complexity and lack of legal obligations associated with proper implementation. Security Misconfiguration Modern organizations use a huge number of technological platforms and tools, in particular web applications, databases, and Software as a Service (SaaS) applications, or Infrastructure as a Service (IaaS) from providers like Amazon Web Services.Enterprise grade platforms and cloud services have security features, but these must be configured by the organization. Security misconfiguration due to negligence or human error can result in a security breach. Another problem is “configuration drift”, where correct security configuration can quickly become out of date and make a system vulnerable. Hidden Backdoor Programs This is an example of an intentionally created computer security vulnerability. When a manufacturer of computer components, software, or whole computers installs a program or bit of code designed to allow a computer to be remotely accessed (typically for diagnostic, configuration, or technical support purposes), that access program is called a backdoor. Superuser or Admin Account Privileges One of the most basic tenets of managing software vulnerabilities is to limit the access privileges of software users. The less information/resources a user can access, the less damage that user account can do if compromised. However, many organizations fail to control user account access privileges—allowing virtually every user in the network to have so-called “Superuser” or administrator-level access. Some computer security configurations are flawed enough to allow unprivileged users to create admin-level user accounts. Automated Running of Scripts without Malware/Virus Checks One common network security vulnerability that some attackers learned to exploit is the use of certain web browsers’ (such as Safari) tendencies to automatically run “trusted” or “safe” scripts. By mimicking a trusted piece of code and tricking the browser, cybercriminals could get the browser software to run malware without the knowledge or input of the user—who often wouldn’t know to disable this “feature.” Unknown Security Bugs in Software or Programming Interfaces Computer software is incredibly complicated. When two or more programs are made to interface with one another, the complexity can only increase. The issue with this is that within a single piece of software, there may be programming issues and conflicts that can create security vulnerabilities. When two programs are interfaced, the risk of conflicts that create software vulnerabilities rises. Programming bugs and unanticipated code interactions rank among the most common computer security vulnerabilities—and cybercriminals work daily to discover and abuse them. munotes.in
Page 136
135
Information Security
and Threats IoT Devices The Internet of Things (IoT) encompasses many “smart” devices, such as Wi-Fi capable refrigerators, printers, manufacturing robots, coffee makers, and countless other machines. The issue with these devices is that they can be hijacked by attackers to form slaved networks of compromised devices to carry out further attacks. Employees within the organisation The biggest security vulnerability in any organization is its own employees. Whether it’s the result of intentional malfeasance or an accident, most data breaches can be traced back to a person within the organization that was breached.For example, employees may abuse their access privileges for personal gain. Or, an employee may click on the wrong link in an email, download the wrong file from an online site, or give the wrong person their user account credentials—allowing attackers easy access to your systems. Some of the same prevention techniques mentioned in the anti-phishing bullets can be applied to prevent data breaches caused by employees. Password Attacks With the right password, a cyber attacker has access to a wealth of information. Social engineering is a type of password attack that Data Insider defines as “a strategy cyber attackers use that relies heavily on human interaction and often involves tricking people into breaking standard security practices.” Other types of password attacks include accessing a password database or outright guessing. The Explosion of Data Data storage on devices such as laptops and cell phones makes it easier for cyber attackers to find an entry point into a network through a personal device. For example, in the May 2019 book Exploding Data: Reclaiming Our Cyber Security in the Digital Age, former U.S. Secretary of Homeland Security Michael Chertoff warns of a pervasive exposure of individuals’ personal information, which has become increasingly vulnerable to cyber-attacks. Common Network Vulnerabilities Some of the most common network vulnerabilities include the following gaps in your application security: when applications are not kept up-to-date, tested, and patched, the doors are open to code injection, cross-site scripting, insecure direct object references, and much more. Security attacks can also be classified into ● Active attack ● Passive attack munotes.in
Page 137
136 Management Information System
136 Active Attack An active attack involves intercepting a communication or message and altering it for malicious effect. There are three common variants of an active attacks: • Interruption—the attacker interrupts the original communication and creates new, malicious messages, pretending to be one of the communicating parties. • Modification—the attacker uses existing communications, and either replays them to fool one of the communicating parties or modifies them to gain an advantage. • Fabrication—creates fake, or synthetic, communications, typically with the aim of achieving denial of service (DoS). This prevents users from accessing systems or performing normal operations. Passive Attack In a passive attack, an attacker monitors, monitors a system and illicitly copies information without altering it. They then use this information to disrupt networks or compromise target systems. The attackers do not make any change to the communication or the target systems. This makes it more difficult to detect. However, encryption can help prevent passive attacks because it obfuscates the data, making it more difficult for attackers to make use of it. Active Attacks Passive Attacks Modify messages,
communications or data Do not make any change to
data or systems Poses a threat to the
availability and integrity
of sensitive data Poses a threat to the
confidentiality of sensitive
data. May result in damage to
organizational systems. Does not directly cause
damage to organizational
systems. Victims typically know
about the attack Victims typically do not
know about the attack. Main security focus is on
detection and mitigation. Main security focus is on
prevention. munotes.in
Page 138
137
Information Security
and Threats 9.3 CONTROLLING SECURITY THREATS AND VULNERABILITIES In today’s world, data and protecting that data are critical considerations for businesses. Customers want to ensure that their information is secure with you, and if you can’t keep it safe, you will lose their business. Many clients with sensitive information demand that you have a rigid data security infrastructure in place before doing business with you. Information Security Policy in an organisation is an important first step towards controlling IT security threats and vulnerabilities An Information Security Policy (ISP) is a set of rules that guide individuals when using IT assets. Companies can create information security policies to ensure that employees and other users follow security protocols and procedures. Security policies are intended to ensure that only authorized users can access sensitive systems and information. Creating an effective security policy and taking steps to ensure compliance is an important step towards preventing and mitigating security threats. To make your policy truly effective, update it frequently based on company changes, new threats, conclusions drawn from previous breaches, and changes to security systems and tools. Make your information security strategy practical and reasonable. To meet the needs and urgency of different departments within the organization, it is necessary to deploy a system of exceptions, with an approval process, enabling departments or individuals to deviate from the rules in specific circumstances. Certain techniques to combat such threats: - • Team members to be aware of the current trends:- Ensure your team members are staying informed of current trends in cybersecurity so they can quickly identify new threats. They should subscribe to blogs (like Wired) and podcasts (like Techgenix Extreme IT) that cover these issues, and join professional associations so they can benefit from breaking news feeds, conferences, and webinars. • Regular threat assessment to be performed to determine the best approaches to protecting a system against a specific threat, along with assessing different types of threats. • To conduct penetration testing by modeling real-world threats in order to discover vulnerabilities. • Implementing a risk assessment framework, it is critical to prioritize the most important breaches that need to be addressed. Although frequency may differ in each organization, this level of assessment must be done on a regular, recurring basis. munotes.in
Page 139
138 Management Information System
138 • Include a total stakeholder perspective. Stakeholders include the business owners as well as employees, customers, and even vendors. All of these players have the potential to negatively impact the organization (potential threats) but at the same time they can be assets in helping to mitigate risk. • Designate a central group of employees who are responsible for risk management and determine the appropriate funding level for this activity. • Implement appropriate policies and related controls and ensure that the appropriate end users are informed of any and all changes. • Monitor and evaluate policy and control effectiveness. The sources of risk are ever-changing, which means your team must be prepared to make any necessary adjustments to the framework. This can also involve incorporating new monitoring tools and techniques. • Data Protection Law has to be enacted by the government to protect data privacy. • Update operating systems When a vulnerability is found in software, the manufacturer will work out how to fix the vulnerability and provide an updated version of the software. Keeping your systems up to date will protect against recently identified vulnerabilities. • Whitelist applications Whitelisting means that a computer is configured to only run the software that the organization explicitly permits. This is quite a hard control to manage, but it makes it very difficult for a cyber attacker. • Harden the computer’s defense Make sure that all configurable settings in the operating system and applications are configured for security. Another recommendation is to regularly de-install parts of the operating system and applications that will never be used. • Limit administrative access One of the easiest cybersecurity controls that’s recommended by every framework is to limit the number of people within the organization who have administrative access to systems. Reducing the number of accounts that have such access means there are fewer accounts for an attacker to target. • Implement multi-factor authentication Require a user to provide something else in addition to a username and a password to log in. This could be something unique only to the user—such as a fingerprint—or a physical product that the user has, such as a smartcard or a mobile device. • Create safe back-ups If an attacker gains access to a system and either tampers with, erases or encrypts data with the intent of securing a ransom from the organization, a backup helps the organization restore the data and recover its operations without paying the ransom. munotes.in
Page 140
139
Information Security
and Threats • Antivirus. Every system should be protected through an Antivirus program. Antivirus software is designed to detect, remove and prevent malware infections on a device or network. Though specifically created to eliminate viruses, antivirus software can also aid against spyware, adware and other malicious software. Basic antivirus programs scan files for the presence of malicious software, allow users to schedule automatic scans and remove any malicious software. • Spyware. Any software installed on a device without the end user's permission is classified as spyware, even if it is downloaded for a harmless purpose. Adware, Trojans and keystroke loggers are all examples of spyware. Without antispyware tools, spyware can be difficult to detect. To prevent spyware, network administrators should require remote workers to access resources over a network through a virtual private network that includes a security scan component. • Users can take preventative measures by reading terms and conditions before installing software, avoiding pop-up ads, and only downloading software from trusted sources. 9.4 MANAGING SECURITY THREATS IN E-BUSINESS Introduction Through widespread adoption of computer resources in everyday life, the nature of business has changed. That is, traditional documents and communication methods in business have been replaced by electronic data and more efficient communication. From the combination of traditional businesses and computer technology, various issues have become apparent. Positive effects include the decreasing use of limited natural resources (such as paper), efficient and cost-effective methods of communication, and fast accurate calculations in financial reports. Negative effects are more related to internet usage: the Internet is an open environment from which everyone may benefit; in particular, attackers may use this opportunity to gain access to sensitive data and sabotage infrastructure. Companies may be potential targets for attackers because of secret or useful data which exists within their systems. For instance, a database of an online shopping website includes usernames, passwords, card numbers and transactions which are suitable targets for cybercriminals and so possible theft of wealth and identity. The dynamic nature of risks to ebusiness environments makes identification of threats and vulnerabilities more difficult. Although the purpose of every kind of cyberattack is not the theft of money, sabotage is another threat and this causes possible loss of reputation and money for the target. Threats are divided into the classes of ‘external’ and ‘internal’, and are defined thus: External threats: those threats located outside of companies, such as hacker groups and organised cybercriminals. Internal threats: those types of threats which should be dealt from inside of companies. Former employees and current employees might also be a potential enemy or vulnerability for an e-business. Former employees can act as an insider to reveal sensitive information about the company, such as open ports in the network or other vulnerabilities. In addition, current munotes.in
Page 141
140 Management Information System
140 employees are not always trustworthy: such employees may be lured by social engineering techniques or phishing emails requesting sensitive information. Popularity of E-Commerce has brought threat to it. E-commerce refers to all the commercial transactions- buying and selling of goods online. Many innovations such as mobile business, internet marketing, online transaction processing, the transfers of electronic funds, electronic data interchange (EDI), stock management, chain supply administration systems and automated data collection systems can be implemented for the purpose of e-commerce. The danger of e-commerce comes from using the internet for unfair purposes in order to steal money and the infringement of protection. E-commerce risks of different kinds occur. Many of them are accidental, some of them attributable to human errors. Electronic payments, e-cash, data misuse, credit/debit card fraud, etc., are the most common security threats. Below are the list of threats in E-business:- 1. Financial frauds Ever since the first online businesses entered the world of the internet, financial fraudsters have been giving businesses a headache. There are various kinds of financial frauds prevalent in the e-commerce industry, but we are going to discuss the two most common of them. a. Credit Card Fraud It happens when a cybercriminal uses stolen credit card data to buy products on your e-commerce store. Usually, in such cases, the shipping and billing addresses vary. You can detect and curb such activities on your store by installing an AVS – Address Verification System. Another form of credit card fraud is when the fraudster steals your personal details and identity to enable them to get a new credit card. b. Fake Return & Refund Fraud The bad players perform unauthorized transactions and clear the trail, causing businesses great losses. Some hackers also engage in refund frauds, where they file fake requests for returns. 2. Phishing Several e-commerce shops have received reports of their customers receiving messages or emails from hackers masquerading to be the legitimate store owners. Such fraudsters present fake copies of your website pages or another reputable website to trick the users into believing them. For example, see this image below. A seemingly harmless and authentic email from PayPal asking to provide details. munotes.in
Page 142
141
Information Security
and Threats 3. Spamming Some bad players can send infected links via email or social media inboxes. They can also leave these links in their comments or messages on blog posts and contact forms. Once you click on such links, they will direct you to their spam websites, where you may end up being a victim. 4. DoS & DDoS Attacks Making the website unavailable through DDOS attack is very common in e-commerce.Many e-commerce websites have incurred losses due to disruptions in their website and overall sales because of DDoS (Distributed Denial of Service) attacks. What happens is that your servers receive a deluge of requests from many untraceable IP addresses causing it to crash and making unavailable to your store visitors. 5. Malware Hackers may design a malicious software and install on your IT and computer systems without your knowledge. These malicious programs include spyware, viruses, trojan, and ransomware. The systems of your customers, admins, and other users might have Trojan Horses downloaded on them. These programs can easily swipe any sensitive data that might be present on the infected systems and may also infect your website. 6. Exploitation of Known Vulnerabilities Attackers are on the lookout for certain vulnerabilities that might be existing in your e-commerce store.Often an e-commerce store is vulnerable to SQL injection (SQLi) and Cross-site Scripting (XSS). Some of these vulnerabilities include: a. SQL Injection It is a malicious technique where a hacker attacks your query submission forms to be able to access your backend database. They corrupt your database with an infectious code, collect data, and later wipe out the trail. b. Cross-Site Scripting (XSS) The attackers can plant a malicious JavaScript snippet on your e-commerce store to target your online visitors and customers. Such codes can access your customers’ cookies and compute. You can implement the Content Security Policy (CSP) to prevent such attacks. 7. Bots Some attackers develop special bots that can scrape your website to get information about inventory and prices. Such hackers, usually your competitors, can then use the data to lower or modify the prices in their websites in an attempt to lower your sales and revenue. munotes.in
Page 143
142 Management Information System
142 8. Brute force The online environment also has players who can use brute force to attack your admin panel and crack your password. These fraudulent programs connect to your website and try out thousands of combinations in an attempt to obtain you site’s passwords. Always ensure to use strong, complex passwords that are hard to guess. Additionally, always change your passwords frequently. 9. Man in The Middle (MITM) A hacker may listen in on the communication taking place between your e-commerce store and a user. Walgreens Pharmacy Store experienced such an incident. If the user is connected to a vulnerable Wi-Fi or network, such attackers can take advantage of that. 10. E-Skimming E-skimming involves infecting a website’s checkout pages with malicious software. The intention is to steal the clients’ personal and payment details. The method is to connect an ATM card reader with a data skimming tool. The information is copied from the magnetic strip to the computer when the customer swipes his card in the ATM card reader. The specifics of the card number, name, number, CVV, expiry of the card, and other information are therefore made available to offenders. 11. The Risk of Payment Conflicts An automated computer machine handles payments in electronic payment systems, not by individuals. When it manages large sums of payments regularly with many clients, the program is vulnerable to errors. When each pay period ends, it is important to review our payroll to ensure everything is meaningful regularly. When this is not accomplished, payment disputes may result in technological breakdowns and anomalies. 12. The Risk of Tax Evasion Internal Revenue Service legislation requires every corporation to disclose its financial transactions and to provide documents to ensure tax compliance. Electronic systems are troublesome because they don’t offer this paradigm clean. This is quite difficult for the Internal Revenue Service to raise revenue. Payments obtained or made via electronic payment systems are available to the company. The IRS does not know whether or not it tells the truth that tax evasion is easy. 13. Eavesdropping This is an illegal way to listen to private network contact. It does not interfere with the normal operations of the targeting program so that munotes.in
Page 144
143
Information Security
and Threats the sender and the receiver do not know that their communication is being monitored. 14. Spam Where emails are known as a strong medium for higher sales, it also remains one of the highly used mediums for spamming. Nonetheless, comments on your blog or contact forms are also an open invitation for online spammers where they leave infected links to harm you. They often send them via social media inbox and wait for you to click on such messages. Moreover, spamming not only affects your website’s security, but it also damages your website speed too. 15. Virus, Worms and Trojan Horses are the other risk in E-Commerce. E-BUSINESS SECURITY SOLUTIONS E-commerce security solutions that can ease your life includes the following: - 1. HTTPS and SSL certificates HTTPS protocols not only keep your users’ sensitive data secure but also boost your website rankings on Google search page. They do so by securing data transfer between the servers and the users’ devices. Therefore, they prevent any interception. 2. Anti-malware and Anti-virus software An Anti-Malware is a software program that detects, removes, and prevents infectious software (malware) from infecting the computer and IT systems. Since malware is the umbrella term for all kinds of infections including worms, viruses, Trojans, etc getting an efficient Anti-Malware would protect your system from all. 3. Securing the Admin Panel and Server Always use complex passwords that are difficult to figure out and make it a habit of changing them frequently. It is also good to restrict user access and define user roles. Every user should perform only up to their roles on the admin panel. Furthermore, make the panel to send you notifications whenever a foreign IP tries to access it. 4. Securing Payment Gateway Avoid storing the credit card information of your clients on your database. Instead, let a third party such as PayPal and Stripe handle the payment transactions away from your website. This ensures better safety for your customers’ personal and financial data. 5. Deploying Firewall Effective firewalls keep away fishy networks, XSS, SQL injection, and other cyber-attacks that are continuing to hit headlines. They also munotes.in
Page 145
144 Management Information System
144 help in regulating traffic to and from your online store, to ensure passage of only trusted traffic. 6. Educating Your Staff and Clients Ensure your employees and customers get the latest knowledge concerning handling user data and how to engage with your website securely. Provide them with restricted access to system. 7. Additional security implementations • Always scan your websites and other online resources for malware • Back up your data. Most e-commerce stores also use multi-layer security to boost their data protection. • Update your systems frequently and employ effective e-commerce security plugins. • Always go with the dedicated security platform that is quite secure from frequent cyber-attacks. 8. Secure Your Servers and Admin Panels Most ecommerce platforms come with default passwords that are ridiculously easy to guess. And if you don’t change them, you are exposing yourself to preventable hacks. Use complex password(s) and usernames and change them frequently. One can go one step further and make the panel notify you every time an unknown IP attempts to log in. These simple steps can significantly improve your web store’s security. 9. Payment Gateway Security While it may make processing payments more convenient, having credit card numbers stored on your database is a liability. It’s nothing less than an open invitation for hackers where you put your brand’s reputation and your customer’s sensitive information on the line. In order to save your business from this terrible fate, you should never store credit card information on your servers and ensure your payment gateways security is not at risk. Additionally, you can use third-party payment processing systems to carry out the process off-site. Popular ecommerce payment processing options include PayPal, Stripe, Skrill, and Wordplay. When it comes to ecommerce recommendations, you must obtain a Payment Card Industry Data Security Standard (PCI DSS) accreditation. 10. Use Firewalls Another effective ecommerce recommendation is to use firewall software and plugins that are pocket-friendly yet effective. They keep untrusted networks at bay and regulate traffic that enters and leaves munotes.in
Page 146
145
Information Security
and Threats your site. It offers selective permeability and only allows trusted traffic in. They also protect against cyber threats such as SQL injections and cross-site scripting. 11. Employ Multi-Layer Security You can fortify your security by using various layers of security. You can use a wide-spread Content Delivery Network or CDN to protect your site against DDoS attacks and malevolent incoming traffic. They do so by utilizing machine learning to filter out the malicious traffic from regular traffic. You can also use two-factor authentication to squeeze in an additional layer of security. Two-factor authorization requires a standard username and password combination as well as an extra code that is sent as an email to the user or as an SMS to their provided phone number. This ensures that only the user can access the service even if their username and password are at risk. 12. Ecommerce Security Plugins Security plugins are a simple way to enforce security protection on your website. They provide protection against bad bots, SQLi, XSS, code injections and hundreds of other severe attacks. One of the most secure, easy to implement, feature rich security plugin is Astra. It helps automatically secure your site and virtually patch software by preventing malicious requests from ever reaching your website. 13. Backup Your Data Data loss due to hardware malfunction or cyber-attacks is not uncommon. And if you don’t backup your data regularly, you are at the risk of losing it for good. You should do it yourself and not trust anyone else to do it for you. Employ automatic backup service so that even if you forget to do it manually, all your data will be backed up automatically. Create redundant backup and store it at different places to avoid loss during physical contingency if any like fire, earthquake etc. Today cloud backups are popular. 14. Stay Updated The importance of regularly updating WordPress core, security tools, and plugins and other platform used can be stressful, however, install security updates and patches as soon as they release because hackers can use bots that identify which websites use outdated software and obtain unauthorised access into the system. 15. To opt for a Solid Ecommerce Platform It is important that you choose a secure ecommerce platform that regularly updates itself and offers top-notch security. Ecommerce platform tools safeguard you against common threats and frequently provide you with updates. PrestaShop, Magento and WooCommerce are some popular choices. munotes.in
Page 147
146 Management Information System
146 16. Keep an Eye out for Malicious Activity To be alert is very important. One should keep an eye on the suspicious activity. This can save you a lot of trouble – not to mention revenue – since you can potentially catch a fraudulent transaction before it can take place. You can utilize special monitoring software that tracks the activity in real time and notifies you of any questionable transaction. For instance, a scammer using different cards to place multiple orders, or orders where the person using the card isn’t its holder. 17. Perform a security audit The way we do a routine health check-up, a regular examination of the website is similarly very important. Companies should prioritize going through their security protocols on a weekly or monthly basis. This will allow them to identify any fault in the hosting before it’s too late. Additional e-commerce security measures ● Tell your clients to use resources that are familiar to them, click on saved links, use the official internet banking app and check out where they get their messages from. ● Make scanning your website from malware your constant routine. ● Increase your data protection by using multi-layer security and backing up your data. ● Use efficient plugins for e-commerce security and update your systems often.
munotes.in
Page 148
147
Information Security
and Threats 9.5 MEASURES OF INFORMATION SECURITY There are different types of security measures in information systems when it comes to your data. It helps you secure your valuable and sensitive data. The types of security measures in information systems are as follow: - Data Backup A data backup process is the most critical type of data security measure. It is done by copying or archiving data files. As a result, you can retrieve data in case of a data loss event. Data backup can be done in secondary storage devices or cloud. Ensure there are redundant backup kept at different places to take care of physical threat situation like fire, earthquake, floods, riots etc. Firewalls A firewall is a network security tool that is designed to monitors incoming and outgoing network traffic. Moreover, it’s a like a gate between you and the internet. As a result, you can create a secure defence from an untrusted external network. Data Encryption Through encryption software, you can encrypt or decrypt data stream during transmission and storage. Moreover, it allows the encryption of the content of a data object, file, and network packet or application. Furthermore, there are different varieties of encryption methods such as: • AES • SHA 1 • MD5 Use Strong Passwords Use of strong passwords is recommended. Use Antivirus Software Antivirus software is an essential program. It helps protect the following areas: • computing devices • data files • and other important files munotes.in
Page 149
148 Management Information System
148 Secure Your Computer Computer security protects you from theft, hackers, and unauthorized access. To update operating system and security patches Cybersecurity experts recommend updating your operating system regularly. When installing the latest security patches and drivers, enables you to secure your data. Moreover, it will guarantee that your computer is up-to-date and liberated from viruses and other cyber threats. Digital Signature A digital signature serves as a validation method for incoming messages and documents. This helps you to authenticate the contents of electronic documents. Thus, ensuring data security. Moreover, it utilizes encryption techniques and promises that the contents of a message have not been modified in transit. Educate Your Employees This is another key type of security measure. Because of this, you will spread awareness to every employee within the organization. So, you should conduct an awareness workshop and training program on data security. Careful Use of Email and Website One thing about data security relates to confirmation. Yes, you need to confirm things first. For example, if you think your incoming email is suspicious then don’t click on that email. Moreover, the email can also contain a link in some cases. If so, you might be directed to another vulnerable website. Keep an eye on such suspicious events. Like we should no sign any document without reading similarly we should not confirm anything without reading and understanding. 9.6 INFORMATION SECURITY MANAGEMENT What is an Informational Asset? Every organisation has an information asset irrespective of the fact whether they collect identifying or personal information from customers or not. All organizations possess information that they would not want shared or publicized. Information security management is about protecting both the digital and physical asset from unauthorized access or theft. Some of the critical information assets of the organisation are as follows: - Strategic Documentation - Businesses and IT organizations develop and document long-term strategic and short-term tactical objectives that munotes.in
Page 150
149
Information Security
and Threats establish their goals and vision for the future. These valuable internal documents contain secrets and insight that competitors may want to access. Products/Service Information - Critical information about products and services, including those offered by the business and by IT, should be protected through information security management. This includes the source code for in-house developed application, as well as any data or informational products that are sold to customers. If your business sells a digital product, you will need information security to ensure that hackers cannot steal your product and distribute it without your consent or knowledge. Intellectual Property/Patents - If your company generates intellectual property, including developing software, you may require information security controls to protect it. Your competitors may want to steal your source code and use it to reverse engineer a product to compete with yours. Some countries do not enforce copyright or intellectual property laws, so you may have no recourse if this is allowed to happen. Proprietary Knowledge/Trade Secrets - Every organization generates proprietary knowledge throughout the course of doing business. For IT organizations, that knowledge may be stored in an internal knowledge base that is accessible to IT operators and support staff. Trade secrets are the unique insights and understanding that give your business a competitive advantage. If you wouldn't share them openly with your competition, you should secure trade secrets and proprietary knowledge using information security management controls. Ongoing Project Documentation - Ongoing project documentation consists of the documented details of products or services that are in the process of being launched. If your competitors find out what you're up to, they may attempt to release a competing product or feature more quickly than anticipated and could even benchmark it against your new product in an effort to lock you out of the marketplace. Employee Data - Human resource departments collect and retain data about your employees, including performance reviews, employment history, salaries and other information. These records could contain confidential information that a cyber attacker might use to blackmail your employees. A competitor organization could use this data to identify targets before attempting to poach your employees. All of these examples are listed in addition to confidentially submitted customer data, where a failure to protect the data against theft would constitute a breach of trust, and in some cases, a lack of conformity with information security standards or legislation. Three Objectives of Information Security Management Information security at the organizational level is centred around the CIA triad of Confidentiality, Integrity, and Availability. Information security munotes.in
Page 151
150 Management Information System
150 controls are put in place to ensure the confidentiality, integrity and availability of protected information. Confidentiality – It is about preserving the confidentiality/privacy of information means ensuring that only authorized persons can access or modify the data. Information security management teams may classify or categorize data based on the perceived risk and anticipated impact that would result of the data was compromised. Additional privacy controls can be implemented for higher-risk data. Integrity – It is about preventing the alteration of data by an unauthorised user. Information security management deals with data integrity by implementing controls that ensure the consistency and accuracy of stored data throughout its entire life cycle. For data to be considered secure, the IT organization must ensure that it is properly stored and cannot be modified or deleted without the appropriate permissions. Measures such as version control, user access controls and check-sums can be implemented to help maintain data integrity. Availability – This principle is about making the data accessible to the authorised users whenever required. Information security management deals with data availability by implementing processes and procedures that ensure important information is available to authorized users when needed. Typical activities include hardware maintenance and repairs, installing patches and upgrades, and implementing incident response and disaster recovery processes to prevent data loss in the event of a cyber-attack. Information Security Management Standards and Compliance For some organizations, information security management is more than a requirement for protecting sensitive internal documents and customer information. Depending on your industry vertical, information security management might be a legal requirement to safeguard sensitive information that you collect from customers. Organizations that collect personalized medical or health care records in the United States are required to follow the privacy and security guidelines of the Health Insurance Portability and Accountability Act (HIPAA). Organizations that process credit card payments are responsible for compliance with the Payment Card Industry Data Security Standard (PCI DDS). Organizations that collect personalized information from customers in Europe are covered by the European General Data Protection Regulation (GDPR) and could face thousands or millions of dollars in fines for non-compliance. The International Standards Organization 27001 (ISO/IEC 27001) standard “specifies the requirements for establishing, implementing, maintaining, and continuous improvement for an information security management system.” The flexible framework is structured so that organizations of all sizes can implement it. Like the NIST framework for munotes.in
Page 152
151
Information Security
and Threats federal agencies, ISO/IEC 27001 is a best practice framework to guide the development of an ISMS. The standard is updated regularly and includes 114 security measures organized in 14 control clauses. These clauses are listed below: • Clause 5: Information Security Policies • Clause 6: Organization of Information Security • Clause 7: Human Resource Security • Clause 8: Asset Management • Clause 9: Access Control • Clause 10: Cryptography • Clause 11: Physical and Environmental Security • Clause 12: Operations Security • Clause 13: Communication Security • Clause 14: System Acquisition, Development, and Maintenance • Clause 15: Supplier Relationships • Clause 16: Information Security Incident Management • Clause 17: Information Security Aspects of Business Continuity Management • Clause 18: Compliance Below is the list of Regulation Act for Information Security: - The Act What it Regulates Company
Affected
NIST
(National
Institute of
Standards and
Technology) This framework
was created to
provide a
customizable guide
on how to manage
and reduce
cybersecurity
related risk by
combining existing
standards,
guidelines, and best
practices. It also
helps foster
communication
between internal
and external
stakeholders by This is a
voluntary
framework
that can be
implemented
by any
organization
that wants to
reduce their
overall risk. munotes.in
Page 153
152 Management Information System
152 creating a common
risk language
between different
industries. CIS Controls
(Center for
Internet
Security
Controls) Protect your
organization assets
and data fr om
known cyber -attack
vectors. Companies
that are
looking to
strengthen
security in the
internet of
things (IoT). ISO 27000
Family (Interna
tional
Organization
for
Stan dardization
) This family of
standards provide
security
requirements
around the
maintenance of
information
security
management
systems (ISMS)
through the
implementation of
security controls. These
regulations
are broad and
can fit a wide
range of
businesses.
All businesses
can use this
family of
regulations for
assessment of
their
cybersecurity
practices. ISO 31000
Family (Interna
tional
Organization
for
Standardization
) This set of
regulations governs
principles of
implementation and
risk management. These
regulations
are broad and
can fit a wide
range of
businesses.
All businesses
can use this
family of
regulations for
assessment of
their
cybersecurity
practices. munotes.in
Page 154
153
Information Security
and Threats HIPAA (Health
Insurance
Portability and
Accountability
Act)
/ HITECH Omni
bus Rule This act is a two
part bill. Title I
protects the
healthcare of
people who are
transitioning
between jobs or are
laid off. Title II is
meant to simplify
the healthcare
process by shifting
to electronic data. It
also protects the
privacy of
individual patients .
This was further
expanded through
the HITECH /
Omnibus Rule. Any
organization
that handles
healthcare
data. That
includes, but
is not limited
to, doctor’s
offices,
hospitals,
insurance
companies, bu
siness
associates ,
and
employers. PCI-DSS
(Payment Card
Industry Data
Security
Standard) A set of 12
regulations
designed to reduce
fraud and protect
customer credit
card information . Companies
handling
credit card
infor mation.
GDPR
(General Data
Protection Act) This regulates the
data protection and
privacy of citizens
of the European
Union. Any company
doing
business in
the European
Union or
handling the
data of a
citizen of the
European
Union. CCPA
(California Privacy rights and
consumer
protection for the Any business,
including any
for-profit
entity, munotes.in
Page 155
154 Management Information System
154 Consumer
Privacy Act) residents of
California. that does
business in
California and
collects
consumers’
personal data. AICPA
(American
Institute of
Certified Public
Accountants) S
OC2 The security,
availability,
processing
integrity, and
privacy of systems
processing user
data and the
confidentiality of
these systems. Service
organizations
that process
user data.
SOX
(Sarbanes -
Oxley Act) This act requires
companies to
maintain financial
records for up to
seven years. It was
implemented to
prevent another
Enron scandal. U.S. public
company
boards,
management,
and public
accounting
firms.
COBIT
(Control
Objectives for
Information
and Related
Technologies) This framework
was developed to
help organizations
manage
information and
technology
governance by
linking business
and IT goals. Organizations
that are
responsible
for business
processes
related to
technology
and quality
control of
information.
This includes,
but is not
limited to,
areas such as
audit and
assurance, munotes.in
Page 156
155
Information Security
and Threats compliance,
IT operations,
governance,
and security
and risk
management.
GLBA
(Gramm -
Leach -Bliley
Act) This act allowed
insurance
companies,
commercial banks,
and investment
banks to be within
the same company.
As for security, it
mandates that
companies secure
the private
information of
clients and
customers. This act
defines
“financial
institutions”
as:
“…companies
that offer
financial
products or
services to
individuals,
like loans,
financial or
investment
advice, or
insurance.” FISMA
(Federal
Information
Security
Modernization
Act of 2014) This act recognizes
information
security as a matter
of national security.
Thus, it mandates
that all federal
agencies develop a
method of
protecting their
information
systems. All Federal
agencies fall
under the
range o f this
bill. FedRAMP
(Federal Risk
and
Authorization Cloud services
across the Federal
Government. Executive
departments
and agencies. munotes.in
Page 157
156 Management Information System
156 Management
Program) FERPA
(The Family
Educational
Rights and
Privacy Act of
1974) Section 3.1 of the
act is concerned
with protecting
student educational
records. Any post -
secondary
institution
including, but
not limited to,
academies,
colleges,
seminaries,
technical
schools, and
vocational
schools. ITAR
(Internationa l
Traffic in Arms
Regulations) Controls the sale of
defense articles and
defense services
(providing critical
military or
intelligence
capability). Anyone who
produces or
sells defense
items and
defense
services. COPPA
(Children’s
Online Privacy
Protection
Rule) The online
collection of
personal
information about
children under 13
years of age. Any Person or
entity under
U.S.
jurisdiction. NERC CIP
Standards
(NERC Critical
Infrastructure
Protection
Standards) Improve the
security of North
America’s power
system. All bulk
power system
owners and
operators. munotes.in