INFORMATIION

MANAGEMENT &
CONTROL
IT13

What is an Information System

Organized combination of
1.

Hardware

2.

Software

3.

Communications Networks

4.

Data

5.

People

Computer Hardware Technologies

Examples

Dell PowerEdge 2600 File Server

Apple iMac

Sony LCD Flat Panel Monitor

iPod

IDAutomation USB Barcode Scanner

RFID Chip

Computer Software Technology

Examples

Windows XP

Graphics Card Driver Software

PowerPoint

mySAP Customer Relationship Management

Peachtree Accounting

iTunes Software

Telecommunications Network
Technologies

Examples

Ethernet

Netgear Wireless Router

Cable Modem

Cell Phone

WiFi, WiMax card

Bluetooth device

Data Resource Management Technologies

Examples

IBM DB2 8.2

Microsoft SQL Server 2000

Oracle Database 10g

MySQL

Data Mining Software

People Technology

People are the 5th component of an Information System

Everyone forgets the importance of people in an information system.

Example: End User, Data Entry Person, Manager, Programmer, DB

Administrator, Cashier, Secretary, Professor.

Information Systems Serve 3 Roles

IS

can support 3 different levels in business

Expanding Role of IS
Information

Systems are being used in more

areas, especial at the strategic level.

At

the same time, Information Systems are

expanding participation of
End Users (The Grunts)

Biggest

advantages of IS:
Information can flow up
the pyramid faster and
more effectively.

Types of Information Systems

Transaction Processing System (TPS)

Supports

Operations

Updates

Operational Databases

Examples:
ATM

Machine System Banking Transactions

Cash

Register System Point of Sale Transactions

Accounting
Even

System Checking Account Transactions

Pay-per-view or OnDemand is a TPS

Process Control Systems (PCS)

Supports Operations

Monitor and Control Industrial/Manufacturing Process

Examples:

Petroleum Refining

Power Generation

Automobile Manufacturing

Enterprise Collaboration Systems (ECS)

Supports

Operations (Surprised?)
Teamwork, communication, and collaboration
Examples:
E-mail
Chat
Video

Conferencing

Calendaring
Journaling
Workflow
File

Sharing (Kazaa, Morpheus, Limework, Napster)

Management Information System (MIS)

Supports

Management (duh?)

Analysis

& Reporting

Charts,

Graphs, Summary Tools

Examples:
SCT

Banner Managing College Information (Siena uses it)

Spreadsheet
Oracle's

(Excel) One of the first and most basic

Corporate Performance Management

Decision Support System (DSS)

Support

Management
What-if Analysis, Decision Modeling, Scenario
Building, Highly interactive, ad hoc.
Examples
Enterprise
AIMMS

Most

Decision Manager 2.0 Fair Isaac Corporation

3.6

DSSs are custom developed for specific

companies; very few out-of-the-box products.

Executive Information Systems (EIS)

Supports high-level strategic management

Provides critical info from other systems (MIS and DSS).
Portal Concept: one place with links to all information
EISs integrate external information such as economic
developments and news about related markets and
competitors. Helps strategic decision making, not
necessarily tactical.

Tactical doing things the right way right

Strategic doing the right things

INFORMATION
SYSTEMS
SECURITY AND
CONTROL
17

 Information

systems are so vulnerable to

destruction, error, abuse, and system quality
problems

Special

measures are needed to ensure the

reliability, availability and security of
electronic commerce and digital business
processes

18

Software quality assurance techniques

Auditing information systems and safeguarding data quality

19

MANAGEMENT CHALLENGES

Designing systems that are neither over-controlled nor under-controlled

Applying quality assurance standards in large systems projects

20

SYSTEMS VULNERABILITY AND ABUSE

Advances in telecommunications and

computer software
Unauthorized access, abuse, or fraud
Hackers
Denial of service attack
Computer viruses

21

SYSTEM VULNERABILITY AND ABUSE

Concerns for System Builders and Users

Disaster
Destroys computer hardware, programs, data
files, and other equipment

Security
Prevents unauthorized access, alteration,
theft, or physical damage

22

SYSTEM VULNERABILITY AND ABUSE

Concerns for System Builders and Users

Errors
Cause computers to disrupt or destroy
organizations record-keeping and operations

23

SYSTEM VULNERABILITY AND ABUSE

System Quality Problems: Software and Data

Bugs
Program code defects or errors

Maintenance Nightmare
Maintenance costs high due to organizational
change, software complexity, and faulty
system analysis and design
24

SYSTEM VULNERABILITY AND ABUSE

System Quality Problems: Software and Data

Data Quality Problems

Caused due to errors during data input or
faulty information system and database
design

25

CREATING A CONTROL ENVIRONMENT

Controls
Methods, policies, and procedures that
ensure protection of organizations assets
Ensure accuracy and reliability of records,
and operational adherence to management
standards

26

CREATING A CONTROL ENVIRONMENT

General controls
Establish framework for controlling design,
security, and use of computer programs
Include software, hardware, computer
operations, data security, implementation,
and administrative controls
27

CREATING A CONTROL ENVIRONMENT

General Controls and Application Controls

Application controls
Unique to each computerized application
Include input, processing, and output
controls

28

CREATING A CONTROL ENVIRONMENT

Protecting the Digital Firm

On-line transaction processing:

Transactions entered online are immediately
processed by computer

Fault-tolerant computer systems:

Contain extra hardware, software, and
power supply components to provide
continuous uninterrupted service
29

CREATING A CONTROL ENVIRONMENT

Protecting the Digital Firm

High-availability computing: Tools and

technologies enabling system to recover
quickly from a crash

Disaster recovery plan: Runs business in

event of computer outage

Load balancing: Distributes large number

of requests for access among multiple
servers

30

CREATING A CONTROL ENVIRONMENT

Protecting the Digital Firm

Mirroring: Duplicating all processes and

transactions of server on backup server to
prevent any interruption in service

Clustering: Linking two computers together

so that a second computer can act as a
backup to the primary computer or speed up
processing
31

CREATING A CONTROL ENVIRONMENT

Internet Security Challenges

Firewalls

Prevent unauthorized users from accessing

private networks
Two types: proxies and stateful inspection

Intrusion Detection System

Monitors vulnerable points in network to
detect and deter unauthorized intruders

32

CREATING A CONTROL ENVIRONMENT

33

CREATING A CONTROL ENVIRONMENT

Security and Electronic Commerce

Encryption: Coding and scrambling of

messages to prevent their access without

authorization

Authentication: Ability of each party in a

transaction to ascertain identity of other
party

Message integrity: Ability to ascertain that

transmitted message has not been copied or
altered
34

CREATING A CONTROL ENVIRONMENT

Security and Electronic Commerce

Digital signature: Digital code attached to

electronically transmitted message to
uniquely identify contents and sender

Digital certificate: Attachment to

electronic message to verify the sender and
to provide receiver with means to encode
reply
35

CREATING A CONTROL ENVIRONMENT

Public Key Encryption

36

CREATING A
CONTROL
ENVIRONMENT

Digital
Certificates

37

CREATING A CONTROL ENVIRONMENT

Developing a Control Structure: Costs and Benefits

Criteria for determining control structure

Importance of data
Efficiency, complexity, and expense of each
control technique
Level of risk if a specific activity or process
is not properly controlled
38

CREATING A CONTROL ENVIRONMENT

The Role of Auditing in the Control Process

MIS audit
Identifies all controls that govern individual
information systems and assesses their
effectiveness

39

CREATING A CONTROL ENVIRONMENT

Sample Auditors List of Control Weaknesses

40

ENSURING SYSTEM QUALITY

Software Quality Assurance Methodologies and Tools

Development methodology: Collection of

methods, for every activity within every
phase of development project

Structured: Refers to fact that techniques

are carefully drawn up, step-by-step, with
each step building on a previous one

41

ENSURING SYSTEM QUALITY

Software Quality Assurance Methodologies and Tools

Structured analysis: Method for defining

system inputs, processes, and outputs, for
partitioning systems into subsystems or
modules

Data Flow Diagram (DFD): Graphically

illustrates systems component processes and
flow of data
42

ENSURING SYSTEM QUALITY

Data Flow Diagram for Mail-in University Registration System

43

ENSURING SYSTEM QUALITY

Software Quality Assurance Methodologies and Tools

Structured design: Encompasses set of

design rules and techniques for designing
systems from top down

Structured programming: Organizing and

coding programs that simplify control paths

44

ENSURING SYSTEM QUALITY

High-Level Structure Chart For a Payroll System

45

ENSURING SYSTEM QUALITY

Limitation of Traditional Methods

Inflexible
Time-consuming

46

ENSURING SYSTEM QUALITY

Tools and Methodologies for Object-Oriented Development

has become industry

standard for analyzing and designing objectoriented systems.

Unified Modeling Language (UML)

Structural diagrams

describe the relation between

classes.

describe interactions in an
object-oriented system.
Behavioral diagrams

47

ENSURING SYSTEM QUALITY

Tools and Methodologies for Object-Oriented Development

has become industry

standard for analyzing and designing objectoriented systems.

Unified Modeling Language (UML)

Structural diagrams

describe the relation between

classes.

describe interactions in an
object-oriented system.
Behavioral diagrams

48

Basic Program Control

Constructs

49

ENSURING SYSTEM QUALITY

Computer-Aided Software Engineering (CASE)

Automation of step-by-step methodologies

for software and systems development
Reduces repetitive work
Enforces standard development methodology
and design discipline
Improves communication between users and
technical specialists
50

ENSURING SYSTEM QUALITY

Computer-Aided Software Engineering (CASE)

Organizes and correlates design components

Automates tedious and error-prone portion
of analysis and design, code generation,
testing, and control rollout

51

ENSURING SYSTEM QUALITY

Visible Analyst: A Tool to Automate Object-Oriented Analysis and Design

52

ENSURING SYSTEM QUALITY

Resource Allocation During Systems Development

Resource allocation
Determines how costs, time, and personnel
are assigned to different phases of systems
development project

53

ENSURING SYSTEM QUALITY

Software Metrics

Objective assessment of software used

in the system in form of quantified
measurements

54

ENSURING SYSTEM QUALITY

Testing

Walkthrough: Review of specification or

design document by small group of people

Debugging: Process of discovering and

eliminating errors and defects in program
code

55

ENSURING SYSTEM QUALITY

Data Quality Audit and Data Cleansing

Data quality audit

Survey and/or sample of files

Determines accuracy and completeness of
data

Data cleansing
Correcting errors and inconsistencies in data
to increase accuracy
56

APPROACHES TO
MANAGEMENT
CONTROL SYSTEMS
In this chapter we will discuss:
Cybernetic Approach to Management Control Systems
Contingency Approach to Management Control Systems
Strategy and Control Systems

CYBERNETIC APPROACH TO
MANAGEMENT CONTROL SYSTEMS

Cybernetics has its origin in the Greek work Kybernetes which means
steersman.

Cybernetics is the study of the entire field of control and

communication theory, whether in the machine or the animal

Cybernetics has been applied in such diverse fields as radar control,

animal genetics, inferential automation, cryptography and
deciphering, automatic machine tool control, language translation,
teaching machines, artificial intelligence and robotics.

CHARACTERISTICS OF A CYBERNETIC
SYSTEM

Complex structures

There are number of heterogeneous interacting components in a cybernetic

system, making it complex.

Mutual interaction

The various components of a cybernetic system interact in a way that creates

multiple interactions within and among the subsystems.

CHARACTERISTICS OF A CYBERNETIC
SYSTEM

Complementary

In cybernetic systems multiple interactions take place as a result of multiple

processes and structures.

Evolvability

Cybernetic systems tend to evolve and grow in an opportunistic manner, rather

than being designed and planned in an optimal manner.

Constructivity

They increase in size and complexity by building on their existing characteristics

and also developing new traits.

ESSENTIAL ELEMENTS OF CYBERNETIC

CONTROL PROCESS
1.

Setting goals and performance measures

2.

Measuring achievement

3.

Comparing achievement with the results

4.

Computing the variances resulting from the preceding comparison

5.

Reporting the variances

6.

Identifying the causes of the variation

7.

Taking the required action to eliminate the variances in the future

8.

Follow-up to ensure that the goals are met

CYBERNETIC PARADIGM AND THE

CONTROL PROCESS

DESIGNING MANAGEMENT CONTROLS

The process of establishing controls should be seen as a constructive

exercise that will help in enhancing the performance of the
employees. The standards set should be challenging, but at the same
time, attainable.

The objectives should be measurable to enable evaluation of

performance.

Controls should focus on the objectives and key results of an activity.

There should be a restricted number of objectives.

There should not be too much focus on easily measurable factors and
short-run variables. Attention should be paid to all the important
variables in a balanced fashion.

Responsibility for results should rest with a single individual to avoid

duplication of work.

CONTROL PROCESS HIERARCHY

the

goal-oriented control process follows the

cybernetic paradigm and involves planning,
decision-making and controls.

It

operates through a hierarchy of control, and its

main purpose is the attainment of organizational
goals and objectives.

CONTINGENCY APPROACH TO
MANAGEMENT CONTROL SYSTEMS

Contingency theory is based on the premise that the

design and use of control systems is contingent upon the
particular context of the organizational setting in which
the controls operate.

The contingency theory, the classical theory developed by

management scientists like Fayol, Burns and Stalker, and
Lussato assumed that people were motivated by economic
rewards.

THE NEED FOR THE CONTINGENCY

APPROACH

Technology

It has long been recognized that technology influences the design of control systems.
New computer systems enable companies to respond to changes in the environment
and refashion corporate policies rapidly.

Organizational structure

A modern organizations structure should be such that it can cope with a high degree
of uncertainty, as new tasks are constantly incorporated into the production or work
process.

Environment

In order to survive, organizations have to adapt to the demands of their environment.

Management controls in an organization are greatly influenced by the type of
competition faced by the firm. The contingency approach helps to develop a highly
sophisticated control system in line with the intensity of competition the firm faces.

STRATEGY AND CONTROL SYSTEMS

According to Kenneth R Andrews, strategy is a process by which senior

executives evaluate company's strengths and weaknesses in light of the
opportunities and threats present in the environment, and decide on a
product market that fits the company's distinctive competencies with
environmental opportunities.

Strategies can be considered at two levels in an organization. There are

strategies for the organization as a whole (corporate strategy) and strategies
for each business unit (business unit strategy).

CORPORATE STRATEGY

Corporate strategy relates to the firm as a whole.

Corporate strategy involves making plans regarding where

and how the firm can compete in an industry.

At the level of corporate strategy, controls refer to the

mechanism by which corporate executives influence the
strategic direction of the firm and the level of
achievement of the firm's objectives.

Corporate strategy and controls should be integrated in

order to keep employee behavior in congruence with
managerial goals.

BUSINESS UNIT STRATEGY

Business unit strategy deals with creating and maintaining competitive advantage in
all the businesses the company operates in. Business unit strategy for an organization
has two interrelated aspects: mission and competitive advantage.

Mission

A mission statement is a broad organizational goal, based on planning premises, which

justifies an organizations existence.

Competitive advantage

Porters Five Forces Model analyzes the competitive structure of an industry on the basis
of the following factors:
Intensity of rivalry among the existing players
Bargaining power of the buyers
Bargaining power of the suppliers
Threat from substitutes
Threat of new entrants

DESIGNING MANAGEMENT CONTROL

SYSTEMS

MANAGEMENT CONTROL SYSTEM

is a set of interrelated communication structures that facilitate processing

of information and coordination between different parts of an organization.

STEPS IN DESIGNING MCS

1. Choice of Controls
2. Tightness of Controls

CHOICE OF CONTROLS
ACTION CONTROL - are controls that
work on the standard sets of procedures.
ADVANTAGES

They are directly linked to the task being

performed.

They direct managerial attention towards

the actions being taken within the firm.

Their application in an organization is

uniform in nature and hence they aid in
organizational coordination.

Since these controls work on a standard

set of actions, they act as a knowledge
repository and guide the implementation
process even when key managers leave
the organization.

In a positive sense, these controls are

means for attaining efficiency, as they are
a key element in the bureaucratic form of
organization.

DISADVANTAGES

Action controls are useful only for highly routinized jobs.

This type of control does not foster creativity and innovation among
employees, as employees have to follow rigid rules.
Since these controls do not encourage creativity, employees tend to
quit their jobs.
Because of the rigidity of rules, companies have difficulty in adapting
to the changing external business environment.

TIGHTNESS OF CONTROLS

It is necessary to know whether there are any harmful effects of the control being
used. For example, if the environment in which the employees are working is
unpredictable, then tight controls will not work, as employees need autonomy to take
actions. As tight controls limit adaptability, employees will find it difficult to adjust to
changing environment.

The best control method would be a combination of tight and loose controls - an
environment where autonomy, entrepreneurship and innovation are encouraged, and,
at the same time, employees share a