Samenvatting Digital organisation
2018-2019
De cursusdienst van de faculteit Toegepaste Economische
Wetenschappen aan de Universiteit Antwerpen.
Op het Weduc forum vind je een groot aanbod van samenvattingen, examenvragen,
voorbeeldexamens en veel meer, bijgehouden door je medestudenten.
CHAPTER 1: Information systems in global business today
1. How are IS transforming global business and why are they so essential?
EXAMPLES:- Global investments in information technology grew from 2,5 trillion to 3,30 trillion in only 10 years. America and Europe account for 70% of this investment.
- Changed in technology have changed our social life and business practices.
Smartphones (50% of the world population), tablet computers, access to Internet, social networks… - In 2016, 1.6 billion Internet users have bought something online.
In 2015, FedEx moved about 11.5 million packages daily in 220 countries. - Internet advertising continues to grow more than 20 percent a year.
More than 194 billion in revenues in 2016 Business use information systems to…
- Rapidly respond to a changing customer demand and improving customer experience
- Achieve higher levels of efficiency via e-commerce and Internet advertising
- Reduce inventories to the lowest possible levels (for example: just-in-time delivery)
- …
1.1.
What’s new in Management Information Systems?
1) IT innovations
- Cloud Computing
- Big Data and the IoT
- The use of social networks to achieve business objectives
These kind of innovations are enabling entrepreneurs to create new products and develop new business models. In this transformation some old business were destroyed.
2) New business models are disrupting old business models
- Online video services like Netflix, Apple iTunes…(no more DVDs and CDs)
- Online sharing platforms like Uber and AirBnb
3) E-commerce expanding
- Ecommerce has disrupted the traditional marketing and advertising industry
4) Management changes
- Business is going mobile! Salespeople on the road are only seconds away from their managers’ questions and
orders. F. ex.: virtual meetings
- Managers are in a direct, continuous contact with their customers and employees
5) Changes in firms and Organizations
- Hierarchy and structure is replaced by multiple roles and tasks by collaborating with others in a team
- Managers are more aware of changes in technology, customer behavior and culture.
- Managers use social media to communicate with their customers (because they have no other choice!)
1.2.
Globalization challenges and opportunities: a flattened world
Due to a technological change globalization, communication and collaboration has become very easy in the past few years. The emerge of the Internet has drastically reduced the cost of operating and transacting on a global scale.
Employment in information systems and other service occupations are rising, but so do the wages. This causes a lot of firms to outsource their business to low-cost countries like China and India.
We need to create skills and experiences that cannot be outsourced. The challenge for a new business is that it avoids markets for goods and services that can be produced offshore much less expensively.
1.3.
The emerging digital firm
What is a digital organization?
= a firm in which all of the organization’s significant business relationships with customers, suppliers and employees are digitally enabled. Core business processes are linked with another trough digital information systems.
What is a business process?
= a set of logically related tasks and behaviors that organizations develop to produce specific business results and a unique way of operating.
In a digital firm, any piece of information required to support business decisions are available at any time (=time
shifting) and in a global workspace (=space shifting)
1.4.
Strategic business objectives of information systems
We are facing a growing interdependence between organizations and information systems. (See figure p.41)
A firm’s ability to use information systems a firm’s ability to implement corporate strategies and achieve corporate goals
What a company wants to achieve often depends on what its systems will be able to do Business invest in information systems to achieve the following six strategic business objectives:
1) Operational Excellence
= improvement of efficiency of your operations in order to achieve higher profitability
Example: The Walmart’s Retail System digitally links its suppliers to every store. When a customer purchases an item, the supplier know when he has to deliver new products.
2) New products, services and business models
A business model describes how a company produces, delivers and sells a product or service to create wealth.
Example: music industry totally shifted into a digital transformation
3) Customer and supplier intimacy
= Business need to really know their customers and suppliers in order that customers buy more and suppliers provide goods or services with discounts
Example: KLM guaranteed their customers, in case of a complaint, a solution within one hour. Now customers also consider the service of the product instead of only the price.
4) Improved decision making
= managers can use real-time date from the marketplace when making decisions
Example: A Human Capital Management system for real-time insight into individual employee information helps managers to make faster decisions such as promotions or transfers.
Example: track-and-trace bij FedEx
5) Competitive advantage
= When you know how to use your information systems correctly you might be able to do something better than your competitors
Example: bol.com
6) Survival
= When you are not investing in a new way of conducting business, your firm may disrupt
2. What is an information system?
Information Technology (IT) = all the hard- and software that a firm needs to use in order to achieve business
objectives
Information system = a set of interrelated components that collect, process, store and distribute information to
support decision making and control in an organization. It may also help managers to analyses problems, visualize complex subjects and create new products. An information systems makes sense out of raw data.
Information ≠ data
information = data that is meaningful and useful to humans data = raw facts
Example: Supermarket checkout counters millions of pieces data from bar codes, which describe each product. This data can be analyzed to useful information: for example the total number of bottles of wine sold at a particular store. An information system has three functions/activities:
1) Input: collecting data
2) Processing: converting data into a meaningful form
3) Output: transferring the processed information to the managers
In addition: managers need to give the information systems some feedback.
2.1.
Dimensions of information systems
1) Organizations
Organizations have structure that is composed of different levels of responsibility and authority. The upper levels consist professional and technical employees, whereas the lower levels consist of operational personnel.
- Senior management: long-range strategic decisions - Middle management: carrying out the programs and plans - Operational management: monitoring the daily activities
- Knowledge management: designing products and service + create new
knowledge
- Data workers: assisting scheduling and communications at all levels - Production or service workers: production of the product + delivery of
the service
Business functions = sales and marketing, manufacturing and production,
finance and accounting, HRM…
How do these functions relate to information systems? See chapter 2. Information systems form…
- unique business processes (formal and informal)
- unique business culture
- organizational politics
2) Management
The management of a firm has to make decisions and formulate action plans. Basically this means they set the organizational strategy of the firm.
Most important is that managers create new ideas time to time instead of managing what already exists. Information technology can play a powerful role in helping managers. (See chapter 12)
3) Information Technology
Computer hardware and software are two important tools managers use to handle organizational change.
Data management technology consists a wide range of techniques and database systems used for managing
information use and allocating access both within a business and between entities.
Networking and telecommunications technology consists networks, Internet, intranet, extranet and the
World Wide Web:
- Network: links two or more computers to share date or resources
- Internet: the world’s largest and most used network (“network of networks”) - Intranet: a private network in an organization; internal corporate network - Extranet: private intranets extended to authorized users outside the organization
- World Wide Web: a service provided by the Internet that uses universally accepted standards for
information in a page format on the Internet
IT infrastructure = provides a platform on which the firm can build its specific information systems 2.2.
It isn’t just technology: a business perspective on information systems
Why do managers and firms invest in information systems? Because they provide economic value! The decision to build an information systems depends on returns.
productivity increases? revenue increases?
long-term strategic position of the firm in a market? Every business has an information value chain.
When we invest in Information Technology, we expect more business value. Sometimes the creating of business value can take a while. We call this the IT blackhole: investing in IT does not guarantee good results. An information system represents a solution to an organizational problem, but you need to adopt the right
2.3.
Complementary assets: the right business model and organizational capital
Why do some firms achieve better results from their information systems than others?
Some firms invest a lot and receive great returns, others invest the same and receive less. Some firms invest few and receive much, others invest few and receive less.
Investing in information systems does not guarantee good success (“It backhole”)
The answer lies in the concept of complementary assets (=assets required to receive value from a primary investment). Example: In order to make profit out of automotive industry, complementary investments in highways and roas are necessary.
Information technology investments alone doesn’t make managers more effective. There is a need of supportive values, structures and behavior patterns. Firms need to change the way of doing business before they can really
reap the advantages of new technologies!
Three major complementary investments firms have to make (more details on table 1.2. p. 56):
1) Organizational assets 2) Managerial assets 3) Social assets
3. What academic disciplines are involved?
What are the major disciplines that contribute to the study of information systems?
3.1.
TECHNICAL APPROACH:
Management science: development of models for decision making and management practices Computer science: establishing theories of computability and methods of
efficient data storage and access
Operations research: mathematical techniques for optimizing selected
parameters of organizations
3.2.
BEHAVIORAL APPROACH:
- Some issues cannot be solved with the technical approach
- Sociologists: How do groups and organizations form systems and how systems affect groups?
- Psychologist: How do human decision makers use information?
- Economist: How new information systems change the control and cost structures within a firm?
3.3.
SOCIOTECHNICAL PERSPECTIVE
- MIS combines the work of computer science, management science and operations research with a practical orientation
- No single approach effectively captures the reality of information systems
- Optimal organizational performance is achieved by optimizing both technical and behavioral approaches
- The fact that a firm has recently introduced a new business procedure does not necessarily mean employees will be more productive.
1. What are business processes and how are they related to information systems?
In order to operate, businesses must…- deal with many different pieces of information
- organize work activities that use this information
3.4.
What are business processes?
= the manner in which work is organized, coordinated and focused to produce a valuable product or service = the collection of activities required to produce a product or service
= refers to the way that organizations coordinate work, information and knowledge Every business can be seen as a collection of business processes or functional areas. Example: sales and marketing, HRM…
Business processes may be assets or liabilities.
When business processes cross many different functional areas (=cross functional business process), coordination is needed. (See example figure p.73)
Examples of functional business processes (table p.72):
FUNCTIONAL AREA BUSINESS PROCESS
Sales and marketing Identifying customers, making customers aware of the product, selling the product
HRM Hiring employees, evaluating job performance
… …
3.5.
How do information systems improve business processes?
Information systems…automate many steps in business processes Example: checking a client’s credit at the bankWe have to rethink the business processes, because new technologies…
- can change the flow of information: many more people can have access to information and can share it
- can eliminate delays in our decision making
- replace sequential steps with tasks that can be performed simultaneously
- are supporting new business models (music/film industry has become totally online)
2. How do systems serve different management groups and how do they improve organizational
performance?
Because there are different interests, specialties and levels in an organization, no single system can provide all this information. An organization has systems supporting processes for each of the major business functions.
3.6.
Systems for different management groups
1) Transaction processing systems (TPS)
= a computerized system that provides information about daily routine transactions such as sales, receipts, cash deposits, payroll, flow of materials, hotel reservations, …
= answers routine questions like: How many parts are in inventory? What happened to Mr. Smith’s payment? Information must be easy available, current and accurate.
2) Systems for business intelligence
= used to help managers and users make improved decisions
I. Management Information Systems (MIS) Serve middle management
Help with monitoring, controlling, decision making and administrative activities
Provide middle managers with reports (example: figure p.77) on the organization’s current performance. This information is used to monitor and control the business and predict future performance.
Uses data from the TPS
Provide answers to routine questions such as summaries and comparisons Disadvantage: not flexible and little analytical capabilities
II. Decision-Support Systems (DSS)
Serve middle management
Support more non-routine decision making
Focus on problems that are unique and rapidly changing
Example: What would happen to our return on investment if a factory schedule were delayed for six months?
Uses data from TPS and MIS + external sources
Voyage-estimating system = calculates financial and technical voyage details = model driven DSS Intrawest’s marketing analysis systems = data driven DSS
III. Executive Support Systems (ESS)
Serve senior management
Support non-routine decision making (requires judgment, evaluation and insight)
Information is delivered to senior managers through a portal, which uses a web interface to present information (digital dashboard)
Designed to incorporate data about external events They draw summarized information from MIS and DSS
3.7.
Systems of linking the enterprise
How can a business manage all the information in these different systems? How can all these different systems share information? How are managers able to coordinate their work? There are several solutions…
3.7.1. Enterprise Applications
= systems that help organizations to become more flexible and productive by coordinating their business processes more closely and integrating groups of processes so they focus on efficient management
There are four major enterprise applications:
1) Enterprise systems
2) Supply chain management systems (SCM-systems)
3) Customer relationship management systems (CRM-systems) 4) Knowledge management systems
Each of these systems integrates another set of functions and business processes. On the right you can see the architecture for these enterprise applications.
1) Enterprise systems / Enterprise resource planning (ERP -systems)
Used to integrate business processes in manufacturing and production, finance and accounting, sales and marketing and HRM into a single software system
Collects data from different firm functions and stores data in a single, central data repository
2) Supply chain management systems (SCM-systems)
Used to help manage relationships with suppliers
This system helps suppliers, distributors, purchasing firms… to share information about orders, production, inventory levels and delivery of products so they can operate more efficiently.
The system increases the firms profit by lowering costs of moving and making products
Interorganizational system, because they automate the flow of information across organizational boundaries
3) Customer relationship management systems (CRM-systems)
Used to help manage relationships with customers
Provide information to coordinate all the business processes that deal with customers in sales, marketing and service
We want to optimize customer satisfaction
4) Knowledge management systems (KMS)
Some firms perform better than other because they have better knowledge The knowledge of a firm is unique and is difficult to imitate
KMS enables organizations to better manage knowledge and expertise
KMS collects all relevant knowledge in the firm and makes it available wherever and whenever it is needed to improve business processes and management decisions
KMS links the firm to external sources of knowledge
3.7.2. Intranets and Extranets
Intranet (internal network) = internal company websites that are only accessible by employees Internet = public network!!
Extranet = external company websites accessible for suppliers and vendors
3.8.
E-business, e-commerce and e-government
E-Business/Electronic business = the use of digital technology and the Internet to execute the major business
processes in the firm
E-commerce/Electronic commerce = a part of e-business that deals with buying and selling of goods and services
over the Internet
E-government = the application of the Internet and networking technologies to digitally enable government and
public sector agencies’ relationships with citizens, business and other arms of government.
3. Importance of systems for collaboration
Why are systems for collaboration and social business so important, and what technologies do they use?
3.9.
What is collaboration?
= working with others to achieve a goalCollaboration can be on a short-term or a long-term.
Collaboration is possible in formal or informal groups/teams. There are several reasons why teamwork is important:
It changes the nature of work It improves the professional work It changes the organization of a firm It changes the scope of a form It improves innovation
It changes culture
3.10.
What is social business?
= the use of social networking platforms - like Facebook, Twitter - and internal corporate tools to engage employees, customers and suppliers
The goal of social business is to deepen interactions with groups inside and outside the firm to stimulate
information sharing, innovation and decision making.
The key word is “conversations” . Customers, suppliers, employees… are conversating all the time!
Information transparency is required. People need to share opinions and facts directly with another, without
intervention from executives. Everyone in the creation of value has to know everything about everyone else What are the advantages of social business?
+ product designers can learn directly from customer feedback
+ employees with social connections can work more efficiently and solve more problems Examples (table p.87): Communities, crowdsourcing, social networks, file sharing…
3.11.
Business benefits of collaboration and social business
The more a business firm is ‘collaborative’, the more successful it will be. Investments in collaboration technology produced organizational improvements that returned more than four times the amount of the investment.
Benefits of collaboration and social business (table p.88):
- Productivity
- Quality
- Innovation
- Customer service
- Financial performance (profitability, sales and sales growth)
3.12.
Building collaborative culture and business processes
Collaboration won’t take place spontaneously!Some business firms have a reputation of being ‘command and control’. This means that top leaders give commands to lower-level employees, who have to fulfill those orders without asking any questions.
The opposite of this business firm is a more collaborative culture and business. Business processes are much more dependent on the performance of teams.
3.13.
Tools and technologies for collaboration and social business
1) E-mail and instant messaging (IM)
Sharing files, transmitting messages
Real-time conversations with multiple participants simultaneously E-mail use had declined, with messaging and social media coming up
2) Wikis
A type of website that makes it easy for users to contribute and edit text content and graphics without any knowledge about web page development or programming techniques
Example : Wikipedia
Useful tools for storing and sharing corporate knowledge and insights
3) Virtual worlds
Online 3D environments populated by “residents” who have built graphical representations of themselves known as avatars
Examples : online meetings, interviews, guest speaker events, employee training…
4) Collaboration and social business platforms I. Virtual meeting systems
Videoconferencing technology
A video conference allows individuals at two or more locations to communicate with another trough a two-way video and audio call.
Reduces travel costs + people all over the world can collaborate
Telepresence technology = an integrated audio and visual environment that allows a person to give
the appearance of being present at a location other than his or her physical location
II. Cloud collaboration services
Examples : Google drive, google docs, google slides, google +…
File storage, file sharing and collaborative editing
Users can upload and share data with others
III. Microsoft SharePoint and IBM Notes
A browser-based collaboration and document management platform, combined with a powerful search engine that is installed on corporate services
SharePoint is a web-based interface and has close integration with productivity tools such as Microsoft Office. SharePoint makes it possible for employees to share their documents and collaborate on projects using Office documents as the foundations.
IBM Notes is a collaborative software system with capabilities for sharing calendars, e-mail, messaging, collective writing and editing, shared database access and online meetings.
IV. Enterprise social networking tools
Creating business value by connecting the members of an organization through profiles, updates and notifications similar to Facebook features but tailored to internal corporate uses.
5) Checklist for managers: evaluating and selecting the right tools
Time: due to different time zones aren’t video conferences very pleasant Place: high cost of travel
A time-space matrix determines which tools are the best for you to use.
4. Role of the information systems function in a business
Managing a technology requires a special information system. Who is responsible for running these systems?
3.14.
Information systems department
= formal organizational unit responsible for information technology services. In other words: responsible for maintaining the hardware, software, data storage and networks.
- Programmers: writing the software
- Systems analysts: forming the principal connection between information system groups and the rest of the organization
- Information system managers: leaders of teams of programmers and analysts, project managers…
- Chief Information Officer (CIO) = head of the information systems department; senior manager; oversees the use of information technology in the firm. They need strong business background, information systems expertise and leadership.
- Chief Security Officer (CSO) = in charge of the information systems security and his policy. They are responsible for educating and training users and information systems specialists about security.
- Chief Privacy Officer (CPO) = responsible for ensuring that the company complies with existing data privacy laws
- Chief Knowledge Officer (CKO) = responsible for the firm’s knowledge management program. The CKO helps design programs and systems to find new sources of knowledge or to make better use of existing knowledge
- Chief Data Officer (CDO) = responsible for utilization of information to maximize the value that the organization can realize from its data
- End users: representatives of departments outside of the information systems group for whom applications are developed
3.15.
Organizing the information systems function
How should the information systems department be organized?IT-governance includes the strategy and policies for using IT within an organization.
Specifies the decision rights
Chapter 3: Information systems, Organizations and Strategy
1. Features of organizations: how to build an use information systems successfully?
The interaction between organizations and information technology isinfluenced by several factors, including the organization’s structure, culture…
Information systems can change social and work life in a firm. Before you decide to build a new information system, you need to understand your own business organization.
1.1.
What is an organization?
1.1.1. Technical definition
An organization is a stable, formal social structure that takes resources from the environment and processes them to produce output.
Capital + labor production process output is given to environment in return for input
1.1.2. Behavioral definition
An organization is a collection of rights, privilege, obligation and responsibilities over a period of time.
How do these definitions relate to information systems technology?
- Technical view encourages us to focus on how inputs are combined to create outputs when we introduce technology What happens when we substitute labor for capital?
- Behavioral view tells us that IT is more than just replacing labor. Some information systems change the organizational balance of rights, privileges, obligations and responsibilities.
Technological change has some implications…
- The length of time required to implementing a system is much longer than actually building the system Employees and managers have to learn how to use it!
- Who owns and controls the system? Who has the right to access and update information?
REMARK: the technical and behavioral definitions are not contradictory, but they complement each other! Technical definition: tells us how thousands of firms combine capital, labor and information technology Behavioral definition: takes us inside the individual firm to see how technology affects the organization
3.16.
Features of organizations
All of the following features affects the kinds of information systems used by organizations.
1) Routines and Business Processes
Routines make organizations become more efficient over time.
Routines = standard operating procedures = precise rules, procedures and practices that have been developed to deal with virtually all expected situations
Example: When you go to the doctor, receptionist have a well-developed set of routines for gathering basic information of you. Nurses have a different set of routines to prepare you for an interview with the doctor. And the doctor has another set of routines for diagnosing you. All this increases efficiency and lowers cots.
Business processes = collection of routines (and a business is a collection of business processes) 2) Organizational Politics
An organization has different people, with different positions, specialties, concerns and perspectives. This results in divergent viewpoints an opinions.
These differences cause political struggles and power play
A manager need to understand how to deal with these struggles, when implementing a new information system!
3) Organizational Culture
= the set of assumptions about what products the organization should produce, how it should produce them, where and for whom
Business processes are often hidden in the organization’s culture
Example: At a university… professors know more than students, students attend college to learn, classes follow a regular schedule
Organizational culture promotes common understanding and agreement ( political conflict)
4) Organizational Environments
Organization and environment have a reciprocal relationship: the organization gives output its environment and the environment gives inputs to the organization
Organizations are open to + depend on environment
Example: without human resources, an organization could not exist Organizations can influence environment
Example: business firms form partnerships with other business firms to influence the political process; business firms advertise to influence the customer
FIGURE: Information systems are key instruments for
require an organizational response), helping managers identify external changes that might require an organizational response.
Environments change much faster than organizations. DISRUPTIVE TECHNOLOGIES: Riding the wave
= substitute products that perform as well as or (much) better than anything currently produced Examples: car ( horses); Microsoft Office ( typewriters); Apple iPod ( CD players) …
Entire industries were put out of business “You have to know what’s happening out there!”
Some firms are able to create these technologies and ride the wave to profits, others learn quickly adapt their business, others are have to leave the market.
5) Organizational Structure
Mintzberg’s organizational structures (table p.116)
Example: In a professional bureaucracy such as an hospital, we can find parallel patient record systems. And in small entrepreneurial firms we will find poorly designed systems developed in a rush.
The kind of information systems depends on the structure of an organization.
6) Other organizational features
Organizations have different goals: coercive, utilitarian, normative… Organizations serve different stakeholders
Organizations have different leadership styles Organizations have different types of tasks
2. Impact of information systems on organizations
Which changes brought IT to an organization?2.1.
Economic impact
1) Transaction Cost Theory
Transaction cost = the costs when a firm buys on the marketplace what it cannot make itself; the cost of participating in a market
Firms want to keep transaction costs as low as possible
Using the market is expensive because of costs such as locating and communicating with suppliers, buying insurance, obtaining information about products…
Firms tried to reduce transaction cost through vertical integration (=getting bigger, hiring more employees, buying their own suppliers and distributors; you own the entire supply chain yourself)
Information technology can help firms to lower the transaction cost, especially by introducing networks. This means companies can outsource their work instead of hiring more employees
As transaction cost decreases, firms become smaller, because it is easier and cheaper for a firm to outsource activities
2) Agency Theory
Information technology can also reduce internal management costs (=cost of acquiring and analyzing information)
A principal (owner) employs “agents” (employees) to perform work on his or her name. But agents need constant supervision and management, otherwise they will follow their own interests.
As a firm grows in size, agency costs rise, because owners must expend more and more effort supervising and managing employees.
Information technology permits organizations to reduce agency costs, because it becomes easier for owners to oversee a greater number of employees.
CONCLUSION: Information technology reduced both agency costs and transaction costs. We expect companies to invest more in IT and companies to become smaller.
2.2.
ORGANIZATIONAL AND BEHAVIORAL IMPACT
1) IT Flattens Organizations
IT facilitates flattening of hierarchies by broadening distribution of information to empower lower-level employees and increase management efficiency.
IT gives lower-level employees more decision-making functions, because they now have the information they need to make a good decision.
Managers have become much faster at making decisions, so fewer managers are needed.
CONCLUSION: The management span of control has bene broadened. This means that high-level managers can manage more workers spread over greater distances.
2) Postindustrial organizations
In postindustrial societies, authority relies on knowledge and competences and not on formal positions. This causes a flattened organization, because professional workers tend to be self-managing. This causes a decentralized decision making, because knowledge and information has become widespread. Self-managed teams (“task forces”) pop up in organizations to accomplish a specific task. This is strongly encouraged by information technology.
3) Understanding Organizational resistance to change
Because information systems change the structure, culture, business processes and strategy of a firm, there is often resistance to them when they are introduced.
Four parameters of interest: nature of the IT innovation structure
culture of people
tasks affected by the innovation
When introducting a new information system, you need to change those four parameters simultaneously.
2.3.
The Internet and organizations
The internet increases… the accessibility of information storage of information
distribution of information the knowledge for organizations The internet decreases…
transaction costs agency costs
Example: banks and brokers of movies can now deliver their services via the Internet all over the world, saving a lot of distribution costs
Example: sending bills over the Internet lowers distribution costs
2.4.
Implications for design and understanding of
information systems
Some factors to keep in mind when planning to build a new information system:
The environment must function The structure must be known The culture and politics
The type of organization and its style of leadership The principal groups of interest
The kinds of tasks, decisions and business processes
3. Some models to help companies develop competitive strategies using information systems
Some firms to better than others. This means that they have a competitive advantage over others. They may have better access to special resources, or they are able to use resources more efficiently.But why do some firms do better than others? How do they achieve competitive advantage? There are many answers ton this question. One of them is Michael Porter’s competitive forces model.
3.1.
PORTER’S COMPETITIVE FORCES MODEL
It provides a general view of the firm, its competitors and its environment. Why some firms do better than others? There are five possible answers.:
1) Traditional competitors
Competitors are continuously innovating and inventing new ways to produce, by introducing new products at new prices.
2) New market entrants
In some markets is the entrance barrier low, in other markets is it quit high. New companies have several advantages:
they are not locked into old plants and equipment (no old ‘legacy systems’) they hire younger workers who are less expensive and perhaps more innovative they are more hungry and more motivated
These advantages can also be a weakness:
they depend on outside financing, which can be expensive they have less-experienced workforce
they have little brand recognition
Substitutes are products your customers might use when your prices are too high. New technologies create substitutes every day!
The more substitute products and services in your industry, the less you can control pricing and the lower your profit margins.
4) Customers
A profitable company depends on its ability to attract and keep customers and charge high prices
The power of a customer increases if they are able to switch very easy to a substitute or if they can force competitors to compete on price.
When there is little product differentiation, customer’s power is high.
5) Suppliers
The more suppliers a firm has, the greater control it can exercise over suppliers in terms of price, quality and delivery schedules.
3.2.
Information system for dealing with competitive forces
How to turn the threat into an opportunity? There are four strategies for dealing with competitive forces.
1) Low-cost leadership
Organizations use IT-systems to achieve the lowest costs and the lowest prices.
Example: Wallmart has a ‘customer response system’ which keeps their shelves well stocked. Thanks to this system, Wallmart doesn’t need to spend money on warehouses. The systems links the customer behavior to production of products in the stores.
2) Product differentiation
Organizations use IT-systems to enable new products and services or greatly change the customer convenience and experience.
Example: Apple created the iPod, a unique portable digital music player, plus iTunes, an online music store where songs can be purchased. Apple has continued to innovate: iPhones, iPads…
Some manufacturers are even customizing and personalizing their products to the wishes and the needs of their customers (=mass customization)
Example: NIKEiD program on the website from Nike
3) Focus on market niche
Organizations use IT-systems to enable a specific market focus and serve this narrow target market better than competitors. Information systems are analyzing customers preferences, buying patterns, tastes… which gives organizations an enormous amount of (big) data. This is then used to make advertising and marketing campaigns more efficiently.
Example: Hilton Hotels uses an “OnQ-system” that analyzed detailed data on active guest in all their hotels
4) Strengthening customer and supplier intimacy
Organizations use IT-systems to tighten linkages with suppliers and develop intimacy with customers. Example: Chrystler gives suppliers direct access to production schedules + Amazon keeps track of user preferences and recommends products to the customer
3.3.
The Internet’s impact on a competitive advantage
Is it harder or easier to gain a competitive advantage with Internet? The Internet…
- makes it easy for competitors to compete on price
- makes it easy for new entrants to enter the market
- raises the power of customers (they have a lot of information)
- has destroyed some industries and has severely threatened more
Example: printed encyclopedia industry, travel agency industry, music stores, dvd stores, newspapers…
- has created new markets
Example: Amazon, Alibaba, eBay, Facebook…
Smart products and the Internet Of Things (IoT)
= the use of sensors in industrial and consumer products
They expand opportunities for product and service differentiation
Increase rivalry among firms that will either innovate or lose customers to competitors Raise switching costs
Prevent new entrants coming into the market
Decrease the power of suppliers, because the physical product becomes less important than the software and hardware that make it run
3.4.
The business value chain model
This Model is more specific about what exactly to do, and it does provide a methodology to follow for achieving competitive advantages (in contrast to the Competitive Forces Model!) The business value chain model highlights specific activities where competitive strategies must be applied and where information systems most likely have impact.
This model views a firm as a chain of activities that add value to a firm’s product or service. These activities can be primary or support activities.
PRIMARY ACTIVITIES:
- directly related to the production and distribution of the firm’s products or services
- inbound logistics: receiving and storing materials for distribution or production - operations: transforming input into finished products
- sales and marketing: promoting and selling - service: maintenance and repair
- outbound logistics: storing and distributing finished products
SUPPORT ACTIVITIES:
- make the delivery of the primary activities possible
- administration and management: organizational structure - human resources: employee requiting, hiring and training - technology: improving products and the production process - procurement: purchasing inputs
How can we use information systems to improve operational efficiency and customer/supplier intimacy?
You have to determine this at each stage separately
Supply chain management systems and customer relationship systems are two of the most common system applications that result from a business value chain analysis.
When using this model, you need to consider benchmarking your business processes against your competitors. This involves comparing the efficiency and effectiveness of your business processes.
Industry best practices are usually identified by consulting companies, government agencies, research organizations… as the most successful solutions for achieving a business objective.
Extending the value chain: THE VALUE WEB
The value chain of a firm is linked to the value chains of suppliers, distributors and customers.
The performance of most firms depends on what happens inside a firm and what happens outside the firm.
Value web = a collection of independent firms that use information technology to coordinate their value chains to
produce a product or service for a market. It is more consumer driven and operates less linear than a traditional value chain.
Value webs are more flexible and adaptive to changes in supply and demand.
3.5.
Synergies, core competencies and network-based strategies
A corporation is a collection of businesses. The returns are directly linked to the performances of all these businesses. Information systems can improve the overall performance of these businesses by promoting synergies and core competencies.
1) Synergies
= when the output of some units can be used as inputs to other units (or two organizations pool markets and expertise), these relationships lower costs and generate profits
When you tie together different operations, they can act as a whole
2) Improving core competencies
= an activity for which a firm is a world-class leader
Relies on knowledge that is gained over many years of practical field experience with a technology Example: Procter and gamble (world leader in brand management and consumer product innovation) uses a series of systems to improve its core competencies. An intranet called “Innovation.Net” is a system that helps people working on similar problems share ideas and expertise.
3) Network-based strategies
Network Economics
The economic value being produced depends on the number of
people using a product
”Netwerk effects”= economic value arises when more and more
people are using the product
Example: What is the value of a telephone if it’s not connected
to millions of other telephones?
The law of diminishing returns = the more any given resource is
certain point an additional input produces no additional outputs. (this only counts in traditional economics)
In some situations, this law does not work.
Example: in a network, the marginal cost of an extra participant is zero, whereas the marginal gain is much larger. The more participants, the greater the value creation for the firm.
Conclusion: information technology can be strategically useful Virtual Company Model
A virtual company/organization uses networks to link people, assets and ideas. Than they are able to operate with other companies to create and distribute products and services without being limited by a traditional organizational boundaries or physical locations.
One company can use the capabilities from another company without being organizationally tied to that company.
Tis model is useful when a company finds it cheaper to acquire products, services or capabilities from an external company.
Business Ecosystems and Platforms
Business ecosystem = separate, interdependent networks of suppliers, distributors, outsourcing firms,
transportation service firms and technology manufacturers
Difference with the Value Web? Cooperation takes place across many industries (here) rather than many firms (value web).
Platform = information systems, technologies and services that thousands of other firms in different
industries use to improve their own capabilities (Example: Windows Microsoft, Facebook)
Business ecosystems can be characterized as having one or a fewer keystone firms (Apple) that dominate the ecosystems and create the platforms used by other niche firms (App developers).
Example: Keystone firms in the Microsoft ecosystem include Microsoft and technology producers such as Intel and IBM. Niche firms include thousands of software application firms, software developers, service firms… that support and rely on the Microsoft products.
Individual firms should consider how their information systems will enable them to become profitable niche players in larger ecosystems created by keystone firms.
Example: ecosystem = the mobile internet platform
Four industries: device makers, wireless telecommunication firms, independent software application providers and Internet service providers
Each of these industries has its own interests and driving forces, but sometimes come together in a (cooperative or competitive) new industry.
Example : Apple has managed to combine these industries into a system.
4. Challenges
What are the challenges posed by strategic information systems? How should they be addressed?
4.1.
SUSTAINING COMPETITIVE ADVANTAGE
Competitive advantages mostly do not last long enough to ensure long-term profitability. Competitors can copy strategic systems, causing a non-sustainable advantage
Markets, customer expectations and technology changes
The Internet can make a competitive advantage disappear, because all companies can easily copy
4.2.
ALIGNING IT WITH BUSINESS OBJECTIVES
Managers need to perform a strategic systems analysis to make sure their system aligns with the business. Only by connecting IT to business, value is created. This is false: creating an IT-system will create value.
4.3.
MANAGING STRATEGIC TRANSITIONS
Strategic transitions = a movement between levels of sociotechnical systems
When you want to adopt a new system, you need to change your business goals, relationships with customers and suppliers, and business processes… (=sociotechnical changes are affecting the social and technical elements in a firm)
Chapter 8: Securing Information Systems
1. Why are IS vulnerable to destruction, error and abuse?
Without security some bad things might happen: Computer would be disabled
You can’t sell to your customers anymore You can’t place orders anymore
Hackers may have stolen all your data and your business might never be able to recover! You need to make security and control a top priority!
Security refers to the policies, procedures and technical measures to prevent unauthorized access, theft or physical damage to information systems
Controls are methods, policies and procedures that ensure the safety of the organizational assets. An important thing to remember is CIA or Confidentiality, Integrity and Availability.
Confidentiality = does the system give authorized accesses? Integrity = does the system give correct information? Availability = does the system give information online?
1.1.
Why are systems vulnerable?
Huge amounts of data are stored in electronic environments connected through the internet. Unauthorized access can happen from any location in the world.
Things can go wrong on each layer of the computing environment. This is illustrated in the figure.
Public networks, such as the Internet, are more vulnerable than internal networks because they are virtually open to
anyone. The Internet is so huge that abuses can have an enormous, widespread impact.
Most telephone services are based on Internet Technology and is thus unencrypted. Hackers can easily intercept conversations!
Vulnerability has also increased in e-mail traffic, instant messaging (IM) and peer-to-peer (P2P) We are facing some major wireless security challenges.
An SSID or Service Set Identifier is an identification method for Wi-Fi. The SSID makes it possible to separate wireless networks from another by giving them a name (SSID). Unfortunately many Wi-Fi networks can be penetrated easy by intruders (indringers) using sniffer programs (see figure 8.2. p.326).
A new phenomenon is called war driving. Intruders drive by buildings and try to detect SSID and gain access to networks and resources.
Intruders can also set up rogue access points. A Rogue AP is a wireless access point that is connected to your secure wired network- thus broadcasting a signal someone can connect to potentially allowing access to your network and your resources. And it Is controlled or managed by someone other than you- meaning you don’t control the configuration, set up, encryption and authentication of users on that device.
1.2.
Malicious software: viruses, worm, trojan horses and spyware
Malicious software programs or malware include a variety of threats (it is a very broad definition!)
1) A computer virus attaches itself to other software programs after a human action. They can cause serious damage such as destroying programs or data, deleting computer memory, …
2) Worms are independent computer programs that copy themselves from one computer to another over a network. Unlike viruses, worms can operate on their own. This explains that worms can spread more rapidly than viruses.
(1) + (2) are spread by downloads, IM attachments, e-mail and drive-by downloads (i.e. malware that comes from a download file that a user requests)
3) Mobile device malware is a high risk for corporate systems, because many wireless smartphones and other mobile devices are linked to corporate information systems.
Example: You log in on your banking app, but the malware reads your codes.
4) Social network malware is quite new. Members of Facebook, Twitter, Instagram are more likely to trust messages on these platforms (f.ex. messages they receive from “friends”)
5) A trojan horse is a software program that appears to be “good” but then does something other than expected. The trojan horse itself is not a virus, but it is a way for other malware to get into the system.
6) SQL injection attacks take advantage of vulnerabilities in poorly coded web application software to introduce a malicious code into a company’s system and network. The malware is send directly to the system. SQL injection usually occurs when you ask a user for input (on web pages), like their username/user-id, and instead of a name/id, the user gives you an SQL statement. In short, this is the abuse of entry pages on websites.
7) Ransomware tries to collect money from users by taking control of their computers (mostly by displaying annoying pop-up messages when hacked). When the money is payed, the hackers promise to give back the data.
8) Spyware is software that aims to gather information about a person or organization without their knowledge, that may send such information to another entity without the consumer's knowledge.
Example: Keylogging is the action of recording (logging) the codes typed on a keyboard. Data can then be retrieved by the person operating the logging program
1.3.
HACKERS AND COMPUTER CRIME
Hacker = an individual who wants to gain unauthorized access to a computer system (to warn them for the possible
threats a company faces)
Cracker = a hacker with criminal intend 1) Spoofing and sniffing
Spoofing is a situation in which one person or program uses a fake e-mail address or pretends to be someone else by falsifying data.
Example: Hackers led users to a fake website that looks almost exactly like the original website A sniffer is a computer program that can intercept dataflows that passes over a digital network
2) Denial-of-service attacks
In a denial-of-service (DoS) attack hackers flood a network server with many thousands of false communications at the same time to crash the system.
A distributed denial-of-service (DDoS) attack uses numerous computers to overwhelm the network These kinds of attacks do not destroy information but causes the websites/system to shut down for a
while. Imagine what happens if this happens to a website like bol.com!
How does it work? Hackers use thousands of infected computers to send messages to a system, without their owner’s knowledge. This is all organized via a botnet. A botnet is a number of Internet-connected devices, each of which is running one or more bots.
3) Computer crime (table 8.2. p330)
Computers of you and me can be used as targets of crime or instruments of crime. No one knows how many computers are invaded by hackers or the total economic damage by computer crime.
4) Identity theft
= a crime in which a bad guy information such as passwords, credit card numbers, …. The information can be used to obtain credit, merchandise or services in the name of the victim.
Phishing = a form of spoofing = setting up fake websites or sending e-mail messages that look like those of legitimate businesses to ask users for confidential information.
Evil twins =phishing technique but harder to detect. It mostly is a wireless network that pretends to be “good” (f.ex on an airport, hotel…) but wants to capture confidential data from you
Pharming = it leads a user to an infected web page, even if the user types in the correct web page address
5) Click fraud
Every time you click on a banner from a company the firm has to pay a fee. Click fraud is a system that automatically keeps clicking on a banner without the intention of learning more about the firm.
6) Global threats: cyberterrorism and cyberwarfare
Cyberwarfare = an activity designed to defeat another state or nation by penetrating its computers or
networks or cause damage and disruption + defending against these types of attacks
It is difficult to tell who is responsible for an cyberattack, because terrorists can commit an attack in the name of a state. You have to know what is happening out there! Threats have become global due to the Internet. Example: Stuxnet is a malicious computer worm, first uncovered in 2010. Stuxnet was responsible for causing substantial damage to Iran's nuclear program.
1.4.
Internal threats: employees
Employees have access to secret information, which makes them able to search things in the system without leaving a trace. Studies have shown that a lack of knowledge about security is the greatest cause auf security breaches in a company.
Social engineering or social hacking, is a technique where a hacker commits an attack on a computer system by
hacking the weakest part of the company: humans. These hackers pretend to be a legitimate member of the firm to steal information. In short, it is hacking without any codes.
1.5.
Software vulnerability
A bug or program code defect is an error, flaw, failure or fault in a computer program or system that causes it to produce an incorrect or unexpected result, or to behave in unintended ways. Studies have shown that it is impossible to eliminate all bugs from programs. Even a small program with hundred lines will contain tens of decisions leading to thousands of paths.
Zero defects cannot be achieved. Complete testing of a program would take thousands of years! Flaws/bugs obstruct performances and creates security vulnerabilities that open networks to intruders.
Zero-day vulnerabilities = holes in the software that are unknown for the creator. This calls zero-day because the creator has zero days to fix the problem before hackers have noticed.
Patches = small pieces of software created by the software vendor to repair the bugs without disturbing the proper operation of the software
2. What is the business value of security and control?
Companies store information about their corporate operations, trade secrets, development plans and marketing strategies. Governments systems contain information about weapons, intelligence operations and military targets. It would be a catastrophe if this information would be leaked or destroyed. Security breaches may result in serious liability, because companies protect not only their own information but also information of customers, suppliers and
business partners. Imagine what will happen when a hospital is hacked.
2.1.
Legal and regulatory requirements for electronic records management
The U.S. government is forcing companies to take security and control more seriously by introducing new regulations. HIPAA (Health Insurance Portability and Accountability Act) is regulation for companies in the healthcare
industry.
o Medical security and privacy rules and procedures
o Members of the healthcare industry need to retain patient information for six years and ensure the confidentiality of those records
o It specifies privacy, security and electronic transaction standards The Gramm-Leach-Bliley Act is regulation for financial services
o This act requires financial institutions to ensure the security and confidentiality of customer data
The Sarbanes-Oxley Act is regulation for publicity traded companies
o This act was designed to protect investors after some scandals
o It imposes responsibility on companies and their management to safeguard the accuracy and integrity of
financial information that is used internally and externally
2.2.
Electronic evidence and computer forensics
Evidence for crimes is more and more presented in a digital form (e-mails, IM, e-commerce transactions…)
If you need to show your data to the court (after a legal discovery request) you might get in trouble when your data is deleted or hacked by someone. You need to make sure your data is stored well and correct. This will save you a lot of time and money.
Computer forensics is the scientific collection, examination, authentication, preservation and analysis of data in such
a way that it can be used in court.
Computer forensics experts will also search for ambient/latent data (i.e. data which is not visible for the average user).
Example: recovering deleted files
3. What are the components of an organizational framework for security and control?
Even with the best security tools, your information systems would be useless if you do not know how and where to deploy them. You need to know the risks of your business before implementing new security tools. You also need to develop a security policy and plans to keep your business running when your information systems aren’t operational.
3.1.
Information system controls
Information systems consist of general and application controls
1) General controls
They govern the design, security and use of computer programs + the security of data in general. General controls include software controls, hardware controls, computer operations controls, data security controls, development controls and administrative controls. (see table 8.4. p338)
2) Application controls
This are specific, unique controls to each application such as payroll or order processing. They can be classified in input, output and processing controls.
Input controls: checking data for accuracy and completeness
Processing controls: ensuring complete and accurate data during the processing. When something goes wrong, the system must recognize it.
Output controls: ensuring that the results of computer processing are accurate and complete
3.2.
Risk assessment
Before a company invests in security and control it must know which assets need protection and which assets are most vulnerable.
A risk assessment determines the level of risk to a firm in a specific activity or process. An important note is that you will never measure all the risks!
Types of threats, probability of breach, potential losses, expected annual loss, value of the threat…
You need to determine your risk appetite. This is the level of risk an organization is willing to take. The risk appetite is high when the organization wants to innovate. The risk appetite is low when the organizations is unwilling to take risks.
Business managers need to determine some important subjects: value of information assets, points of vulnerability, the frequency of a problem and the potential damage.
Example : If a security breach happens only once a year and costs “only” $1000, it would not be necessary to spend $20 000 on security.
After the risks have been addressed, system builders will concentrate on the control points with the greatest vulnerability and potential loss.
3.3.
Security policy
After having identified all the main risks, your company need to develop a security policy for protecting the company’s assets.
A security policy has some main tasks: ranking information risks, identifying acceptable security goals and identifying mechanisms for achieving these goals. The management must also determine an maximum level of risk that is will be willing to accept (i.e. level of acceptable risk).
An acceptable use policy or AUP defines acceptable uses of the firm’s information resources and computing equipment. A good AUP defines (un)acceptable actions for every user and specifies consequences for noncompliance.
Example: You get a laptop only when you sign a document to make sure you will keep it clean.
Identity management identifies the valid users of a
system and controls their access to system resources. Example: If a person gets fired, the identity management must immediately exclude him from the system
In this figure we can see an example of how an identity management system might function. It specifies what parts of the system each user is able to see and use. The database contains also some sensitive personal information about the employees.
Profile 1 (inputting employee) can update the system, but cannot read or update sensitive fields. Profile 2 (divisional manager) cannot update the system but can read all the sensitive information.
3.4.
Disaster recovery planning and business continuity planning
Disaster recovery planning invents plans for the restoration of disrupted computing and communication services.
The focus lies on the technical issues to keep the systems up and running.
Example : When something happens to the system, all the files go to a backup system.
Business continuity planning focuses on how the company can restore business operations after a disaster. It
identifies critical business processes and determines action plans for handling critical functions when the systems go down.
3.5.
Role of auditing
An information systems audit examines the firm’s security environment as well as controls governing individual information systems. The auditor should follow the flow of transactions and perform tests using automated audit software. The information systems audit may also examine data quality.
In other words, the auditor controls whether the manager has implemented the right security and control mechanisms.
4. What are the most important tools and technologies for security?
Business have tools for managing user identities, preventing unauthorized access, ensuring system availability and ensuring software quality.
