business information technology script,
DESCRIPTION
BIT script, VU univerity, International Business administrationTRANSCRIPT
BIT_samenvatting_colleges.pdf
Samenvatting collegeaantekeningen BIT
Vrije Universiteit Amsterdam (VU) | Business Information Technology
Distributing prohibited | Downloaded by: An?elko Križan | E-mail address: [email protected]
Door Jordy Herberichs ([email protected])
Hoorcollege 1 (H1)
Information systems = organization (structure, culture, processes, strategy) + people (work, job satisfaction, motivation, user friendliness) + IT (hardware, software, systems, network). These are interrelated, not separable.
Data = collection of non-‐random symbols, numbers, words, images and sounds. They represent facts, are recorded by observation or research and are not organized to convey specific meaning (Example: 03-‐09-‐12-‐0900). Data is useless without a label and/or context. Information = data related to other (contextual) data. They are processed, contextually relevant and meaningful and useful to human recipients (Example: a financial ledger). Knowledge = skills + experience + accumulated learning + judgment. This is the result of activities and related information processing. It is needed for decision-‐making and understanding and relating date or information.
Information Systems (IS) = group of interrelated components (organization, people and IT) that work collectively to carry out input, processing, output, storage and control actions in order to convert data into information. IS are more than just IT (which is just the technology), it requires understanding of business. IS are important because processing information is crucial for organization’s survival and advantage, and the volumes and importance of information are growing. IS give meaning to data.
How to deal with all the information? (Galbraith, 1974) -‐ Reduce need for information processing (create buffers, reduce coordination, ask yourself whether it’s feasible in today’s complex, uncertain, globalizing environment). -‐ Increase capacity for information processing (IS).
Hoorcollege 2 (H4 + H5)
Five forces model (Porter) and the influence of IS: -‐ Supplier power: IS changes balance of power in markets. -‐ Substitute products: IS creates new products and differentiate existing products. -‐ Buyer power: IS changes balance of power in markets. -‐ Threat of new entrants: IS raise entry barriers / make market entry easier. -‐ Internal rivalry: IS changes balance of power, reduce costs and make management more effective.
The best IS for a company depends on its focus: -‐ Process (operational excellence): ERP, SCM, Workflow, E-‐commerce. -‐ Product (product leadership): SCM, Collaboration tools, CAD, CAM. -‐ Customer (customer intimacy): CRM, E-‐commerce, business analytics.
Distributing prohibited | Downloaded by: An?elko Križan | E-mail address: [email protected]
IS strategy: a portfolio of IS to be implemented, which is both highly aligned with business strategy and may have the ability to create an advantage over competitors.
Strategic alignment, two approaches: -‐ Business aligning: how can IS support business strategy? -‐ Business impact: how can IS shape business strategy?
IS strategy process: 1. Determine approach: change emphasis not order. 2. Determine scope: corporate IS strategy? IS strategy for parts of the organization? 3. Determine objectives: general objectives (improve business in general, etc.) and specific objectives (develop new policies, change structure, etc.) 4. Analysis of internal and external environment: IS/IT environment and business environment. 5. Strategic definition. 6. Strategic implementation.
Analysis of current IS/IT: strategy, information resources & flows, employees and technological infrastructure. Tools: -‐ Information flow modeling: identify key flows, potential improvements (accuracy, speed, timeliness, costs) and determine benefits of improvements.
Information flow model
Business process model
Data model
Focus Organizational information exchange
Business process Data organization
Level of analysis Elements of the organization
Activities Data elements
Goal Gap analysis for IS strategy, or system design
Process analysis and optimization
System design
-‐ McFarlan’s strategic grid: the purpose is assessing importance of IS, see whether IS do match strategic objectives and IS match IS management.
Distributing prohibited | Downloaded by: An?elko Križan | E-mail address: [email protected]
Analysis of IS/IT: -‐ Technological trends. -‐ Business opportunities. -‐ IS/IT used by other comparable organizations (use McFarlan’s grid). -‐ IS/IT used by competitors (use McFarlan’s grid).
Hoorcollege 3 (H2 + Chaffey & White: H2 + H3)
Why IT knowledge? To better communicate with nerds, IT is everywhere, increased dependency on information, IT enables organizational change and basic IT knowledge is necessary to understand IS.
Layered approach: 1. Application: useful task, business process (Word, Facebook) 2. Infrastructure/support software: database management, ERP infrastructure (DBMS, webserver). 3. Operating system: file and process management, resources, users (Linux, Windows). 4. Driver software: machine code instructions, controllers for hardware (LDI X R1, ADD). 5. Hardware: -‐ CPU (control unit, arithmetic logic unit). -‐ Primary storage (read-‐only memory (incl. BIOS), random access memory (RAM)). -‐ Secondary storage (hard discs, USB-‐sticks, CD, DVD). -‐ Networking (modem, network card, wireless transceiver, optical interface). -‐ Input devices (mouse, touch screen, audio in, scanners, sensors). -‐ Output devices (monitor, printer, plotter, robots).
Computer functions: collect (filter clean up), store and retrieve (search, list aggregate), process (combine, calculate, extract) and disseminate (presentation).
Moore’s Law: the amount of transistors on a CPU doubles every 1,5 to 2 years.
Distributing prohibited | Downloaded by: An?elko Križan | E-mail address: [email protected]
Binary digit = bit 0 or 1. Byte = 8 combined bits. Transistor: when a bit is 1 it can pass, when it’s 0 it doesn’t. Developments in hardware: increasing processing capacity, increasing storage capacity, decreasing size, increasingly distributed/modularized.
Network = system to connect 2 or more devices. Scale/scope: LAN, WAN. Primary connecting media: wired, wireless, optical. Network architecture: -‐ Centralized: 1 server, many clients. -‐ Distributed: many servers, many clients. -‐ Peer-‐to-‐peer: no dedicated server, many clients.
Many different protocols and standards (= standard language for communication, governed by standard-‐setting organizations): TCP/IP (internet), Ethernet, Wi-‐Fi, Bluetooth, UMTS (3G). Measurement of network performance: transmission speed, latency (delay), reliability, availability, security. From provider’s perspective: utilization, load, efficiency. Developments in networking: increasing capacity, increasing interconnectedness, increasing mobility.
Software types: -‐ Application software: enterprise systems, departmental applications, personal productivity and group working applications. -‐ Systems software: operating systems, development software, database software. Considerations for software choice: type of software, functionality, performance ease of use, interoperability, make/rent/buy (custom made, packaged/off-‐the-‐shelf, hosted, tailored/customized), open source. Developments in software: multimedia (text/numbers -‐> audio/video), integration of functions, mobile apps, networked communication, increasingly distributed.
IS classification: by management layer (operational, tactical, executive), by function (purpose of the IS) and by reach (geographic reach, individual, local/departmental, enterprise, IOS). Functions of IS: -‐ Operational: processing routine transactions, payroll, order entry, administrative systems. -‐ Monitoring: performance checking, student trail system, forecasting. -‐ Decision support: value different alternatives, make decisions. -‐ Communication: e-‐mail, IM, groupware, workflow, SCM.
Management Information Systems = help management and executive layers to make decisions by using data gathered from different sources and combining these data. Often make use of a data warehouse. Knowledge Management Systems = help an organization in creating, acquiring, retrieving and storing knowledge (BI, communication, groupware, wiki).
Technological developments: modularity & virtualization, web-‐enabled, mobile technologies, augmented reality, web 2.0, community software, RFID (uses microchips containing data about an item and its location, mostly used to track goods in a supply chain), cloud computing.
Distributing prohibited | Downloaded by: An?elko Križan | E-mail address: [email protected]
Hoorcollege 4 (H5)
Modeling: -‐ When? As a part of building/changing an IS. -‐ What? Representation of facts (data) and activities (processes). -‐ Why? To stimulate the creative process, for building software itself, to improve communication between domain experts and technicians, to evaluate completeness and consistency, to provide basis for planning and control.
Modeling types: -‐ Information flow modeling. -‐ Process modeling: activity diagrams (flow, sequence). Optional: roles and swimlanes. -‐ Data modeling: data types (integer, string), entity-‐relationship diagrams.
Data hierarchy: 1. Bit: 0/1. 2. Byte: character. 3. Field: group of characters. 4. Record: group of related fields. 5. File: group of records of same type. 6. Database: group of related files.
Traditional file processing: each functional area has its own applications and files. Problems with separate data files: data redundancy (presence of duplicate date) and inconsistency (same attribute has different values), program-‐data dependence, lack of flexibility, poor security and lack of data sharing and availability.
Relational database: two-‐dimensional tables called relations or files. Each table contains data on one entity (e.g. student) and its attributes (e.g. student nr, address, courses). Table = grid of columns and rows. -‐ Rows: records for different instances of an entity. Each student has a record. -‐ Fields (columns): represents attribute for entity. -‐ Primary key: field that uniquely identifies each record in a table. -‐ Foreign key: field that is a primary key in another tables, used for looking up records from that table and links records together.
Entity-‐relationship diagram (ERD): used by analysts to document the data model, illustrates relationships (one-‐to-‐one (1-‐1), one-‐to-‐many (1-‐N) or many-‐to-‐many (N-‐N)) between entities.
Distributing prohibited | Downloaded by: An?elko Križan | E-mail address: [email protected]
Implementation: entities become tables, relationships become represented by foreign keys in tables, many-‐to-‐many relationships become intermediate tables.
Data model and IS: -‐ A correct data model is essential for an IS to function correctly and efficiently. -‐ In practice often thousands of entities (tables) are related to each other. -‐ Normalization: minimized redundancy and many-‐to-‐many relationships. -‐ Referential integrity: consistent relationships.
Database Management System (DBMS): specialized software for storage, manipulation and retrieval of structured data, interfaces between applications and physical data files. Capabilities: data definition capability (specifies structure of content), data dictionary (automated/manual file storing definitions), data manipulation language (used to add/change/delete/retrieve data from database).
Large databases: require special capabilities and tools to analyze large quantities of data and to access data from multiple systems. Data mining (discovery): discover patterns in large data sets (associations, sequences, classification, clustering, etc.), web mining (patterns in visits, search behavior, etc.) Business intelligence/analytics. Data warehouse: stores current and historical data from many core operational systems. Will provide query, analysis and reporting tools. ETL: Extract, Transform, Load Data marts: subset of data warehouse. Summarized or highly focused portion of firm’s data for use by specific population of users. Typically focuses on single subject or line of business.
ERP (Enterprise Resource Planning) (system): a packaged business software system that lest an organization automate and integrate the majority of its business processes, share common data and practices across the enterprise and produce and access information in a real-‐time environment. Implementation involves business process redesign and data modeling, so it’s not the same as a central database. Benefits: consistent, accurate, integrated data; streamlined process (reduced cycle-‐time and costs) and improved maintenance, scalability and adaptability. Risks: high initial costs and risks; lack of feature-‐function fit; tension with existing organizational structure and culture; vendor dependency. Scope of ERP increased over the years: often include CRM, SCM and more.
Hoorcollege 5 (Chaffey & White: H2 + H3)
Internet = very large scale computer network connecting millions of computers. Started as an advanced research project of the department of Defense.
OSI 7 layer model: 7. Application: the contact with the human (e.g. Word, webbrowser) 6. Presentation: how are the 0’s and 1’s presented visually 5. Session: about the specific session you’re in (e.g. log-‐in procedures) 4. Transport: takes care when the destination you want to send something to isn’t
Distributing prohibited | Downloaded by: An?elko Križan | E-mail address: [email protected]
in your own network. 3. Network: how you determine that your message only gets to one destination 2. Data link: single circuit, basal error checks 1. Physical: moving the 0’s and 1’s (bits)
TCP/IP model: 5+6+7 Application 4 Transport 3 Internet 1+2 Network interface TCP/IP line is not a dedicated connection just to you, but for everyone, so it can work much more efficient.
Internet characteristics: -‐ Packet switching: digital data is sent in small packages called packets. -‐ Packets: contain data, address information, error-‐control information and sequencing information. -‐ Transmission Control Protocol (TCP): ensures that messages are properly routed from sender to receiver and that those messages arrive intact. -‐ Internetworking Protocol (IP): enables the intercommunication of inter-‐ and intra-‐organizational networks. -‐ Bandwidth: the information carrying capacity of communication lines.
World Wide Web protocol: -‐ HTTP: Hypertext Transfer Protocol. -‐ URL: Uniform Resource Locator => DNS (Domain Name Server) translates IP-‐address in domain name space (e.g. 130.05.23.23 => http://www.google.nl/). -‐ Client-‐side: HTML, JavaScript, Flash (displays content, adds interactivity). -‐ Server-‐side: .NET, ASP, Java (used to communicate with webserver to get/receive data). -‐ Database: SQL, db_app software (communication between database server and web-‐server).
Markup languages: -‐ HTML (Hypertext Markup Language): easy to use, but no full separation of contents and layout, hard to interpret for non-‐humans. -‐ XML (eXtensible Markup Language): consists of three documents, divide content and form.
Web 1.0: done by hand, only sending information, static content, managed by owner. Web 2.0: user generated content, user interaction, collaborative, participative, everybody can generate contents, add information easily, read and write, managed by owner and others. Principles: decentralization of content creation, network effect, crowdsourcing.
Distributing prohibited | Downloaded by: An?elko Križan | E-mail address: [email protected]
E-‐business: online shopping. Pros: convenience (24/7), information & reviews, price. Cons: security/fraud, privacy, limited product inspection. But it’s not only online shopping: increasing customer interaction (user innovation, crowdsourcing, customer communities) and new business models (disintermediation, reintermediation).
Intranet: content (information) + communication (exchange) + collaboration (transactions, document sharing, etc.) Extranet: all of the above but with partner access. Boundaries between intranet, extranet and internet are disappearing; they’re all based on the same technology.
Customer Relationship Management (CRM): -‐ Customer acquisition: get new customers. -‐ Customer retention: make a customer buy more of the same product. -‐ Customer extension: make a customer buy other products. -‐ Customer selection: target specific customers. Benefits: increased efficiency, reduced complexity, improved data integration, reduced cost through outsourcing, innovation, customer benefits.
Interorganizational Systems (IOS): coordinate processes across organizations and between organizations and customers (e.g. Supply Chain Management (SCM) systems, ov-‐chip card). IOS stages: ========>
Hoorcollege 6 (Gastcollege ING)
Essence of banking (evolving pillars): -‐ Secure storage of value. -‐ Bridging savings and investments. -‐ Manage risks. -‐ Facilitate trade. -‐ Enable (remote) payments.
Common theme is trust (DSB fiasco).
Distributing prohibited | Downloaded by: An?elko Križan | E-mail address: [email protected]
McFarlan’s grid for banks:
Factory Strategic
Account management, payments processing, payment channels, ATM operation
Online banking systems, payment factories
Support Turnaround
Billing engines, CRM, customer intelligence, management reporting
-‐ (no R&D in banking)
X-‐axis = IS impact on future strategic objectives Y-‐axis = IS impact on operational performance Can we work without it for a day? Yes = bottom half of the grid Is it just to retain customers? Yes = left half of the grid
Credit transfer: regular cash transfer. Direct debit: incasso.
Non-‐bank payment types like PayPal make the banks less necessary. Great advantage of iDeal is the privacy, the company never knows your details. 95% of payments (in volume, in euros) in the Netherlands is with card, just 5% is cash.
3 steps of payments: 1. Authorization: are you who you say you are, do you have enough cash) 2. Clearing: sort out the payments, where does the money go 3. Settlement: actually make the payments; transfer the money to another account.
The Red Ocean: payments are basically a transfer of funds and money is generated from processing fees and liquidity intake. The Blue Ocean: payments are a valuable source of data to understand what is going on in the real world and money is generated from using this knowledge.
There are lots of discussions and lawsuits about the interchange fee (acquirer has to pay a fee to the issuer for each payment).
Trend: disintermediation of banks (Tesco offering cards).
Hoorcollege 7 (H6 + Malone)
Organization structure = what an organization looks like, so it’s a definition of functions, roles, tasks, departments and the relationships between those. Characteristics: -‐ Division of labor: task units, degree of specialization. -‐ Line vs. staff positions: staff directly involved in production process vs. service staff (finance, IT). -‐ Span of control: supervision levels & numbers. -‐ Coordination & control: vertical control vs. horizontal coordination. -‐ Central vs. decentralized decision-‐making: central (top) vs. local (bottom) decision-‐making.
Distributing prohibited | Downloaded by: An?elko Križan | E-mail address: [email protected]
ERP systems: coordinate processes, knowledge and activities among different business functions, levels and business units to improve efficiency. They are integrated IS (usually from a single vendor) that coordinate internal processes. They provide company-‐wide data to support decision-‐making (customer, strategic, etc.). An ERP tends toward centralization, control and integration. Advantages: -‐ Integration & standardization: uniform organization, integrate regional differences and cultures, leverage scale. -‐ Outside connections: customer driven (improve quality, built to order), supply chain integration. -‐ Information availability and synchronicity across departments. -‐ Decision information: control by reliable indicators (MIS), provide data for DSS and analytical tools. Disadvantages: -‐ Low success rate: 70% of companies haven’t obtained the promised benefits on schedule, or spend more than intended. -‐ High Total Cost of Ownership (TCO): license fees, consultancy costs, maintenance staff, change over costs. -‐ Organizational change requirements: integration (loss of cultural values), best practices (competitive advantage), standards (innovation).
Is changes decision-‐making and coordination: -‐ Decision making and coordination across time and distance (increased speed of information exchange, increased availability of information). -‐ IS create more/less centralization and control.
Malone (1997): three types of decision-‐making. 1. Cowboys: independent, decentralized (e.g. local store owner, farmer) -‐ Relatively low need for communication. -‐ Decisions based on local information. 2. Commanders: centralized (e.g. top management of multinational, army). -‐ Higher communication needs. -‐ Decisions based on information from diverse sources. 3. Cyber-‐cowboys: connected, decentralized (e.g. sales reps, consultants). -‐ Even higher communication needs. -‐ Autonomous decisions, but based on vast amounts of remote information.
Distributing prohibited | Downloaded by: An?elko Križan | E-mail address: [email protected]
Type of decision-‐making depends on: trust (local and management), if local decisions are improved by local information and if autonomy is valued positively. According to Malone IS lead to empowerment, because communication costs are reduced and important information is easily available at lower levels in the organization. But technology can also lead to centralization: control monitoring, automation of tasks.
IS enables new organization structures: virtual companies and teams. Venkatraman & Henderson (1998) on virtual organizing:
Hoorcollege 8 (Ambrust)
Cloud computing refers to both the applications delivered as services over the internet and the hardware and systems software in the data centers that provide those services (Ambrust et al., 2010). It’s the convergence of three major trends: -‐ Lower costs of information flows and communication (broadband, networks). -‐ Separation of applications and infrastructures (multi-‐tenancy). -‐ Utility computing: where server capacity is accessed across a grid as a variably priced shared service. SaaS = Software as a Service (e.g. Facebook, Spotify, SkyDrive, BaseCamp). PaaS = Platform as a Service (e.g. Google AppEngine, Windows Azure). IaaS = Infrastructure as a Service (e.g. Rackspace hosting, IBM, GoGrid).
Distributing prohibited | Downloaded by: An?elko Križan | E-mail address: [email protected]
Utility computing: the ability of companies to access computing services, business processes and applications from a utility-‐like service over a network. Particularly useful when demand is unknown in advance, for batch analytics and if demand for a service varies with time).
Cloud computing Positive implications: no start-‐up costs, more scalability, decrease Total Cost of Ownership, supports virtual company. Negative implications: uncertainty concerning availability and performance, uncertainty concerning business continuity, data confidentiality/privacy. Privacy issues: -‐ Information is no longer in your direct custody or control, handed over to a third party to manage and resident in a different jurisdiction. -‐ Mass-‐market cloud services are subject to take it or leave it service agreements. -‐ Information and data may not be portable (you can’t take it with you). Solutions: -‐ Cloud broker: an entity that manages the use, performance and delivery of cloud services, and negotiates relationships between cloud providers and consumers. -‐ Private cloud: separated storage for only one user (e.g. an organization), isolated from foreign users.
Big data = a collection of data sets so large and complex that it becomes difficult to process using on-‐hand database management tools. Why so much data? Because we can get it, we can keep it and we can use it.
Business analytics = the set of practices, skills, techniques and technologies, that are employed by organizations to access, report and analyze data in order to understand business performance and support decisions making processes. Analytics need to be embedded into the machinery of organizational action: operational decision-‐making, business processes, manager and employee behavior, customer expectations Implications: -‐ Enhanced insights, improved quality of information, increased managerial productivity, improved efficiency and effectiveness, support for achieving competitive advantage. -‐ Organizations have to adapt: hire the right people, use the right technology, establish an analytics culture.
Hoorcollege 9 (H6 + H8)
Culture: consists of values & beliefs (learned unconsciously), and practices (learned consciously). IS and culture, cultural types:
Distributing prohibited | Downloaded by: An?elko Križan | E-mail address: [email protected]
-‐ Open system: focused on environment, entrepreneurial, responsive to customers, organic, flexible. -‐ Rational goal: focused on efficiency in terms of external requirements, directive, goal-‐oriented, competitive, rule-‐driven. -‐ Internal process: focused on internal efficiency, stability, control, routine, procedures, conservative. -‐ Human relations: informal, interpersonal relations, well-‐being, commitment, participation, support.
Power = ability to exert influence over others. There are five bases of power: coercive, reward, administrative expertise, technical expertise, referent. Centralization decreases autonomy (and thus local power).
For a new IS, consider the fit with current organizational culture and the power players. People effect the performance of an IS, the IS can add or diminish their contribution and systems fail usually because managers ignored human aspects.
Human-‐Computer Interaction (HCI): focuses on users, their tasks and how IS can support these. Important are the interface design and task analysis. Important for program designers.
Technology Acceptance Model (TAM):
UTAUT:
Distributing prohibited | Downloaded by: An?elko Križan | E-mail address: [email protected]
Relevance of these models: -‐ For system design: ease of use / effort expectancy important. -‐ For system implementation: stress utility (perceived usefulness is crucial), social influence, use depends heavily on context (facilitating conditions, experience, voluntariness).
Human needs: work design model
Productivity paradox -‐ IS contributes to efficiency and productivity: speeds up processes, improves availability of information, improves connectedness of people. -‐ IS leads to Information overload: feeling of receiving more information than one can handle. Causes of the paradox: formalization of communication, high IT costs, mismanagement, IT needs more IT, unintended effects, humans.
Commitment vs. control: -‐ Control: monitoring, replacing human skills (automation of work). -‐ Commitment: self control, autonomy, empowerment, complementing human skills, replacing only those tasks that are boring and repetitive.
Framework distributed work:
Distributing prohibited | Downloaded by: An?elko Križan | E-mail address: [email protected]
New ways of working: -‐ Working from home: increases productivity, better work/life balance, less stress, regular face-‐to-‐face contact needed for commitment and cohesion. -‐ Flexible workspace: no personal desks, cases with folders, laptops etc. -‐ Virtual teams: teams whose members use technology to varying degrees in working across locational temporal and relational boundaries to accomplish an interdependent task. Pros: better performance, knowledge resources, cost advantages, diverse skills and resources, culturally diverse. Cons: cultural differences, language differences, difficulty establishing common ground, good teamwork more difficult to achieve. Dependent upon: team, training, task, technology. Needs a cultural change: both driver and effect; focus on output, not presence.
Task complexity & media richness: choice for communication technology determined by information characteristics.
Socio-‐technical design: systems design should take account of interdependencies between different elements of the system. Reconcile needs of both technological and social system.
Hoorcollege 10 (H7 + H9 + H10 + Kim & Lee)
Implementation: internal strategy formation, project definition and activities aimed at introducing an IS to the users of an organization, with the aim of removing resistance and stimulating optimal use of the application. Issues: fitting technology into organization, familiarizing users with technology, facilitating and stimulating use. Challenges: often technologically advanced, introduced into an established firm, external conditions likely to change during project, may involve links with other firms, magic bullet expectations.
Implementation strategies (Kim & Lee, 1991): -‐ Empirical-‐rational: people act rationally and make their decisions on the basis of rational considerations, taking their own interests into account (do: education & training, communication between developers and users, selection of suitable personnel, create realistic, optimistic expectations regarding the value of the application). -‐ Normative/re-‐educative: people are primarily geared towards satisfying needs and these needs are dependent on the social and professional context (do: facilitate and promote participation, influence attitudes (find opinion leaders), create positive climate towards
Distributing prohibited | Downloaded by: An?elko Križan | E-mail address: [email protected]
implementation, active learning process). -‐ Power/coercive: people’s behavior is affected by political or economic sanctions (do: leaders with sufficient authority and resources, identifying resistance, reorganization of related reward systems, hire experts or consultants).
Information management: -‐ Collect information: internal and external. -‐ Organize information: IS -‐ Process information: knowledge management. -‐ Maintain information: security, information overload.
IT governance = the leadership and organizational structures and processes that ensure that the organization’s IT sustains and extends the organization’s strategies and objectives.
Chief Information Officers (CIO): responsible for information management and IT governance in an organization. Has a strategic function (part of management team) and a structural function (IT leader).
IS portfolio management:
Distributing prohibited | Downloaded by: An?elko Križan | E-mail address: [email protected]
IS structure architecture: Centralized IS architecture: -‐ Pros: system integration, accessibility, concentrated expertise. -‐ Cons: inflexible and remote, few are fully satisfied. -‐ Works best in: central, vertical organizations with little interaction between units. Decentralized IS architecture: -‐ Pros: satisfied users, flexibility & local. -‐ Cons: high costs, scattered expertise, difficult to integrate systems. -‐ Works best in: independent units. Federalized/distributed IS architecture: -‐ Pros: independent local systems & shared central systems, flexibility & centralization. -‐ Cons: higher costs, expertise still scattered, difficult to integrate systems. -‐ Works best in: high interdependence between units, turbulent environment, decentralized decisions.
Developing software: don’t develop software when there is limited or unskilled IS staff. -‐ Pros: tailor made, flexible, fast to adapt, user involvement. -‐ Cons: expensive, may be difficult to integrate, knowledge has to be kept in-‐house. Outsourcing: turning over responsibility for some or all of an organization’s IS development and operations to an outside firm. -‐ Pros: access to know-‐how and consulting, lower personnel and fixed costs, greater attention to core business, technical advantages (uptime, upgrades, backup, etc.). -‐ Cons: loss of control and dependency, loss of experienced employees, paying too much, IT out of touch with primary process, inflexibility to experiment with IS.
IS cost/benefit analysis: formal-‐rational method. -‐ Most used due to transparency: payback period, return on investment, discount cash flow. -‐ Cost of purchase: hardware & software. -‐ Implementation: training, BPR, existing systems, parallel running, quality dip. -‐ Ownership: support, staff, upgrades, maintenance, obsolescence. -‐ Change: interoperability & openness. -‐ Tangible benefits: cost savings, quality improvements, avoiding cost increases, revenue increases, staying in business. -‐ Intangible benefits: improved information flows, motivation, customer satisfaction, reputation, flexibility, product differentiation, innovation/knowledge/learning. -‐ Balanced scorecard: financial perspective + customer perspective + internal business perspective + innovation & learning perspective. Problems: very hard to identify all costs/benefits, reasons for failures of IS include over-‐emphasis on costs, quantitative approach does not fit IS projects.
Security: threats to information. Because of accidents (human errors account for 40-‐60% of the breaches), natural disasters, hacking, malware (virus, worm, Trojan, spyware, adware, botnet), other internet related threats (phishing etc.).
Distributing prohibited | Downloaded by: An?elko Križan | E-mail address: [email protected]
Hoorcollege 11 (Gastcollege Shell)
Lot of innovation: partners in formula 1, biofuels, environmental sustainability. Shell doesn’t work alone at oil fields, mostly with national partners, but also with competitors. Trading: not all fuel sold by Shell is actually from Shell, the company trades a lot with other companies.
Four kinds of customers: -‐ Consumers: want cheaper and more efficient fuel. -‐ Industrial customers: B2B -‐ Partners. -‐ Major resource holders.
Buzzwords: innovation: safety, corporate environmental, social responsibility, customer and partner focus, profitability and performance, sustainability and growth, value added technology, competitive shareholder return.
4,500,000 emails per day and 8,000 applications.
IT operating model (lot of it is outsourced/offshored):
Strategy Group CIO Technology Business transformation Business alignment Invest prioritization Innovation New or enhanced business Architecture capabilities Projects Enhancements End to end operations Infrastructure Applications Application services Strategic sourcing for scale, Foundation delivery and access to technology Infrastructure
Shell uses only 8% of its server park. IT use started at the Finance department at Shell, but they aim to use it strategically.
5 behavioral imperatives: a strategy is only as good as your leaders embrace it, our people understand it and our stakeholders see the impact in business outcomes. -‐ External focus: outside-‐in mindset, build external networks, access cutting edge supplier technology, differentiate for competitive edge. -‐ Commercial mindset: TQ unit costs, continue benchmarking, clear commercial frameworks. -‐ Delivery: reliable and sustainable operations, use business KPI’s, solid project delivery, lean demand management. -‐ Speed: single point of accountability, decisions at the highest level, appropriate controls,
Distributing prohibited | Downloaded by: An?elko Križan | E-mail address: [email protected]
embrace escalations to unblock. -‐ Simplicity: discuss, decide and do, functional excellence driven from ITE, consistent operating models, LEAN.
What matters in an organizational culture: -‐ Strong sense of community and social fabric. -‐ Harvest: operational excellence and continuous improvement of our assets. -‐ Curiosity and drive for innovation. -‐ Our leaders role model and personally develop the best in people. -‐ Productive ways of working in an interdependent world.
According to Shell: Data = interpretable for computers Information = interpretable for humans.
How do hackers get access? -‐ Insecure systems: servers, websites, desktops, databases. -‐ Theft of user identities: phishing, spear phishing (= phishing directed towards a specific person). -‐ Vulnerabilities with third parties: suppliers who have not upgraded their security level, joint ventures with lower security standards.
Information risk management process: 1. Risk assessments: define the risk assessment standard, support and validate risk assessments, report on risk factors and levels. 2. Controls: maintain controls register, advise on the controls relevant to mitigate risks, review design effectiveness of controls. 3. Compliance: collect evidence on compliance, review operational effectiveness of controls, report on design and operational effectiveness. 4. Surveillance and incidents: conduct surveillance and report on threats and vulnerabilities, investigate incidents and report on causes and remediation.
Information Resource Management (IRM) takes action at several levels: -‐ Improve. -‐ Remediate vulnerabilities. -‐ Implement effective controls. -‐ End-‐user awareness.
Risks & opportunities: -‐ Cyber insecurity. -‐ Open knowledge society. -‐ Continuing attacks via internet and social media. -‐ Cloud. -‐ Consumerisation (bring your own device)
Distributing prohibited | Downloaded by: An?elko Križan | E-mail address: [email protected]