Ethics is a branch of philosophy that deals with what is considered right and wrong in society. It deals with issues which are not in the realm of legal or statutory domains but which may be considered conventionally right or wrong as per perception of the society of that time.

Slavery was at a certain point in time, legal in United States and then with the passing of legislation later during Abraham Lincoln’s Presidency was deemed illegal. The issue is that even when slavery was legal, it was considered as unethical by some as society considered it as something wrong even when it was legal. Therefore, we can say that ethics is a far greater concept than legality. It has something to do with the basic idea of right and wrong that becomes ingrained in us from childhood. Therefore, if you do a good job and your boss steals all the credit for your work then it becomes unethical behavior on his part but it may not be illegal. An issue becomes ethical in nature when it transgresses any basic norm of human existence.

The issue of ethics in the information age has acquired a different dimension altogether. With more access to information, greater connectivity and anonymity new ethical issues are coming to the fore every day. Some major ethical issues hover around the following questions:

1. How much information about an individual is private and how much that is private which cannot be captured or disclosed?
2. What information can be kept by organizations dealing with individuals?
3. How much right does an individual have over his/her own information?
4. Who can access and who cannot access information?

Most cases of ethical violation in the information society occur due to disclosure of private information. This brings us to the interesting topic of privacy. Let us delve into the issue a little deeper. Is information about a suspected terrorist private or the act that he commits private? Probably not on the other hand if we are asked if information about a dowry victim is private, we will all probably agree that it is. Thus, we see that privacy assumes different degree of severity. In the first case, one can argue that if information about a suspected terrorist is not made public, then the terrorist will not get caught, and will cause more destruction. Thus, the well-being of a majority is at stake if the privacy of information of the terrorist is to be considered. Hence, it may be argued by some that disclosure of such private information as how he looks and what his height is may be considered fine but the same cannot be said for the latter case about the dowry victim. Thus, we see that ethics, privacy and other such related issues have to be considered carefully.

However, the following may be considered ethical issues in information society:

1. Disclosing another individual’s personal details to others. This is a serious ethical issue. Sometimes when the disclosure is of a very private nature this can even become a legal issue.
2. Cyber stalking is when an individual is always stalked in cyberspace resulting in violation of an individual’s privacy and creating a fear in the mind of the stalked. This on a small scale is an ethical issue but may become a legal issue if the stalking becomes serious.
3. Disclosure of trusted content is also another ethical issue. If an individual is in the possession of some trusted content and he shares it with others then that becomes an ethical issue.
4. Distribution of pornographic material with open access is another ethical issue and needs to be controlled.
5. Plagiarism is becoming very rampant as content in soft form can just be copied and pasted from other files and claimed as one’s own. On a small scale this is an ethical issue but when the plagiarism is intentional and on a large scale then this becomes a violation of copyright which is a legal issue.
6. Sending SPAM is also another ethical issue which creates a lot of problems for ordinary users of information systems

Ethics in information society is a very delicate issue and changes with time. At one point of time, stealing of password was an ethical issue. Today it is a crime and has become a legal issue. Such changes in legal and ethical points of view occur with change in legislation and with changes in the norms of society.

The concept of quality has changed over time. The awareness about quality started in the early half of the twentieth century but back then quality was considered more of a technical issue and the onus of quality was vested in a department, which was called quality control department. As the name of the department suggests; quality was a control issue, and hence statistical quality control techniques were developed to keep a ‘control’ over the quality. However, with time and with Japanese influence, this concept has changed.

Now, quality ownership is not vested with one department only but with the entire organization. Everybody in the organization is now quality conscious and quality has become more of a managerial and cultural issue rather than being just a narrow technical one. This transformation of the narrow concept of quality management over time into an all-encompassing broad concept of quality in everything and for everyone has been brought about by the concept of total quality management. In short, total quality management means quality for everyone, in everything and by everybody in the entire organization. It is a much broader concept and views quality more as a management issue than a technical one.

Most importantly, TQM is a continuous process and must be viewed as a process of perpetual improvement to improve the quality of about anything in the organization. It focuses on getting things done right in the first attempt and is more of a philosophy of working (attitude towards working), than anything else. The concept is not new and has been in use in Japanese companies from the mid 1950s, but has gained acceptance in the West from 1980s onwards. TQM has some principles that if adhered to in designing management strategies and processes will result in total quality within the organization.

The Principles of TQM

The principles of TQM are as follows:

1. Quality can be managed and requires management will to be managed. Itis an extremely important ingredient of successful management.
2. Everyone in an organization has a customer.
3. People are not the main problem for quality but processes are.
4. Everyone is responsible for quality. The ownership of quality is vested in each employee.
5. Problems must be anticipated and with proactive decisions, prevented not merely solved.
6. Quality must be measured in understandable terms (preferably in quantitative terms).
7. Improvements in quality are itself a continuous process and must not be viewed as frozen in time.
8. Zero defects or six sigma should be the quality standard.
9. Goals once defined on the basis of known requirements are not negotiable.
10. One must always measure lifetime costs instead of upfront costs.
11. Management must be completely involved with quality management and should lead the effort. There should be complete buy in at the top management level.
12. Quality management initiative must be a planned and organized effort.

Six Sigma

Six Sigma is a method used for measuring, improving and controlling process performance. A methodology, which improves customer satisfaction significantly, by reduction of variation in the processes.

‘Six Sigma is not something else that you do … it is what you do.’

What is six sigma?

1. It is a philosophy which results in operational excellence.
2. It reduces variation in processes and operations.
3. A statistical measure of a process capability – 3.4 defects per million opportunity _ 99.99966 per cent probability of passing non-defective products to customer.

Benefits of six sigma

1. Increased customer satisfaction
2. Reduced defects
3. Increased productivity
4. Better and consistent processes

Six Sigma Methodologies

For Existing Processes (DMAIC):

For new design and new processes (DMADV/DFSS):

Organizations implementing six sigma

Six sigma has been successfully implemented by manufacturing organizations like GE, AT&T, Motorola, Honeywell, etc., service organizations like American Express, IBM, Accenture, Microsoft, J.P. Morgan Chase, to name a few.

Six sigma approach

Y=f(X)

Where, Y = Output or Effect

X = Input or Cause

DMAIC model

Define phase

The define phase focuses on customer feedback or VOC (voice of customer). It is important to understand who the customer is and then understand the customer requirements. There are tools like interview, survey, focus group, etc., used to collect customer requirements. Once the VOC is obtained, it is translated into a measurable metric called the CTQ (critical to quality). A CTQ should be SMART (Simple, Measurable, Attainable, Relevant and Time bound).

The next step in define phase is to create the six sigma project charter. This is similar to a project plan and has six mandatory sections:

1. Business case
2. Problem statement
3. Goal statement
4. Scope
5. Timelines or milestones
6. Team/resources

Any six sigma initiative consists of customer, sponsor (who finances the project), project champion (the subject matter expert), six sigma team (master black belt, black belt, green belt) and team members (who help in the project).

The last deliverable in define phase is creation of a high-level process map or IPOC.

SIPOC =Supplier – Input – Process – Output – Customer GE uses COPIS:

COPIS = Customer – Output – Process – Input – Supplier

Measure phase

The following activities are undertaken as part of measure phase:

1. Defining performance standards – consists of the target and the specification limits (operating range on the target)
2. Data collection – data is collected for all potential causes
3. Data analysis
4. Measurement system analysis – no process can be completely variation free. In the measure phase, we call this the measurement system analysis. In a six sigma project before we start analyzing data, we have to ensure that the measurement system does not contribute errors of its own due to person measuring, or the measuring instrument or the sample that is getting measured
5. Process capability – it is the measure of the current state of the process

Analyze phase

The following activities are undertaken as part of analyze phase:

1. Basic data analysis on Y
2. Identifying all potential causes, which are called ‘Trivial Many X’s’
3. Finding out the root causes or ‘Vital Few Causes’ – tools such as fish bone diagram, Pareto analysis, cause and effect matrix, etc., are used to separate the vital few from the trivial many
4. Validation of root causes

Improve phase

After the previous phases, we have a set of validated X’s. The deliverables in improve phase are:

1. Design solutions – when X’s are isolated and independent, tools such as brainstorming, lateral thinking and TRIZ are used to design solutions. When X’s are interdependent, DOE (design of experiments) is a method used for conducting controlled experiments of how a process performs under differing conditions of variables
2. Risk assessment – failure mode and effects analysis (FMEA) evaluates the different ways an input to a process step can fail and tries to understand the cause of that failure
3. Solution Implementation
4. Solution validation – used to measure the success of the process. Cost benefit analysis is used for the same.

Control phase

Control phase attempts to find out the stability of the process and ensures sustainability. Every completed six sigma project should have not only a control chart but also a control plan. This ensures that the process does not revert to the way it previously operated.

What is an Incident?

An incident in the parlance of information security is a security breach or even an attempt to breach security. An unsuccessful attempt to crack the security system is also an incident and needs to be investigated thoroughly.

Incident Response Process

Whenever an incident takes place, a series of steps needs to be taken to find out the causes of the incident to ensure that such incidents do not occur in future. The incident response process involves the following steps:

1. Incident identification – it is the first step of incident response in which the incident is identified. Some common incidents may be DoS, port scanning, IP sniffing, social engineering, banner capture, unauthorized access or virus infection.
2. Incident classification – it is the next step in which the incident is classified based on its severity. Every organization must maintain an incident classification chart to rate an incident when it occurs based on its criticality.
3. Incident notification – it is the notification given to specific functionaries about the incident.
4. Incident response and containment – it is the action taken to thwart the incident.
5. Incident recovery – it is the recovery activity to restore system to the previous status.
6. Post mortem – this is the post incident investigation to find out the vulnerabilities in the system that allowed the incident to happen.

Some Attack Techniques and Technologies

Some of the attack tools and techniques are:

1. IP spoofing is a the techniques of using forged 12 digit IP address (source) in the IP packets that are used in TCPIIP protocol for data communication (primarily on the Internet or on any other TCP/IP network) for concealing the identity of the sender or impersonating another computing system.
2. Packet sniffing is a technique or a program to troubleshoot network traffic. However, often it is used by hackers to get information about the source and destination of IP packets on a TCP/IP network. When on a TCP/IP network like Internet, data is broken down into small packets that are transmitted over the network and gather together at the destination, reassembled and displayed/stored etc. these packets have stamps of destination and source on them so that they are not lost. Packet sniffing is the technique of that can capture these floating packets on the TCP/IP network like a wiretap and find out what is being sent to or from a source or destination.

we are going to discuss about the threats and vulnerabilities of information systems from both insiders and outsiders and the ways of managing such threats and vulnerabilities.

Information Security Attacks from Insiders

It is now an acknowledged fact within the information security community that insiders(people with access to information systems of organizations) within the organization represents one of the biggest2 (estimates vary from half- to three-fourths of all security incidents) information security threats (Dillon 1999, Whitman 2003). Considering that a large number of such incidents go undetected (Hoffer and Straub 1989) it is most likely that these numbers are actually much higher. Specialists therefore prescribe a cocktail of measures to prevent security incidents. These measures fall under two broad categories:

1. Procedural or business control measures-those that define access and other security policies, usage guidelines, security education, training and awareness (SETA) programs.
2. Technical measures-includes authentication measures, monitoring techniques, tools and filtering mechanisms.

Types of Information Security Attacks from Outsiders

Information security attacks can be of various types. Modern attacks and techniques are difficult to detect and stop as it requires continuous monitoring of the system. Perimeter security is therefore of vital importance as the objective of a security system is to halt an attacker from gaining access into the system. The following are the major forms of attack:

Hacking

It is the activity of getting into a computer system without authorization to have an access for a look around and see what is possible to do in the system. Hackers are mainly of three different types.

1. Ethical hackers: Ethical hacking and hacking etiquette demands that the hacker after having penetrated the system notifies the system administrator of his entry to let him know about the vulnerability of the system. This kind of hacking actually helps the organization to improve its security apparatus.
2. Crackers: These are malicious hackers. Once they get inside a system, they destroy valuable assets. Their objective is to cause as much damage to the system as possible. These attacks are to be feared as they have the potential to cause large-scale damage to the organization’s information assets.
3. Phreaks: These are people who hack into the phone systems of organizations so that they can then make calls at the expense of the organization. Each hacking incident however, may be different from the other as each hacker in each incident tries a different trick to exploit a different vulnerability of a system. Since nowadays most systems are connected to the Internet, most hacking incidents occur from net-based hackers who gain access into the organizations computer systems and then cause damage to the system. Most hacking incidents follow a typical pattern or method, which are:

Reconnaissance-The hacker before embarking on a full-scale attack tries to find out the counter measures that are protecting a system. He tests the waters before jumping into the action. In this stage, he typically tries to gather information about the system (and/or network), its vulnerabilities, critical information stored in the system, key employee information, public information about the system and the organization, information about customers of the organization. This is passive reconnaissance. After this stage, the hacker moves on to active reconnaissance in which he acquires DNS information, IP addresses, performs ping sweeps, SNMP network scans and other attacks like banner grabbing, etc.

Vulnerability canning-After the reconnaissance stage, the hacker moves to the scanning stage in which he looks for vulnerabilities in the perimeter security of the system. He also scans the routers and firewalls of the organization to check for vulnerabilities.

Securing/getting access-After the scanning stage, he moves to the stage of gaining access, here he accesses the organization’s system after capitalizing on any vulnerability in the organization’s security system. This can happen through the operating system of the organization’s server or networked computer, an application (either planted within the system or suitable file corrupted/modified by the hacker to work on his commands), or through any network devices in the organization’s network.

Maintaining access-After getting access to the organization’s system, the hacker would normally like to continue to maintain access. This he manages by planting a custom-built application on the already compromised server of the organization. This strategy helps the hacker to enter and exit the system at will. Thus, the hacker can have complete control over the organization’s system. He can upload applications, modify applications, modify data without anyone’s knowledge, steal data and cause widespread damage to the system. At this stage, the hacker evaluates the information assets of the organization and based on his intentions goes ahead with a plan to profit from his efforts. He can wish to just maintain access without causing any damage, steal information and sell it outside, profit from altering the data of the organization or simply blackmail the organization•

Covering tracks-Once the hacker has enabled his access into the organization’s system, he would like to remove any trace of his entry and exit from the system. This he manages by suitably deleting the evidence of his access from the audit files and log files. Thus, the system administrators remain oblivious to the access of the hacker.

Denial of service (DoS)

This is another form-security attack in which the attacker overwhelms the organization’s server (or other hardware resources) or the telecommunication lines from the ISP. Normally, DoS attacks are one-to-one meaning that the attackers launches an attack from his machine and attacks one organization with the objective of overwhelming its resources (hardware or telecom) thereby denying the system’s services to legitimate users. Since February 2000 the trend for such attacks has changed. Now attackers use a many-to-one mode of attack for DoS. This is known as distributed denial of service (DDoS). The attacker creates zombies (these are compromised machines on the Internet that run application codes which are controlled by the attacker). At his instructions DoS attacks are launched simultaneously on a single target from all the zombies (sometimes as many as tens of thousands). The only way to control DDoS attacks is to control the number of zombies on the network. It is one of the most difficult forms of attack against which an organization is to be secured.

Malicious code

“This is another form of security threat, being pieces of code that reach vital areas of a system and renders great damage to it. The easiest form of distributing malicious codes is through e-mails. It is therefore a good idea to check the attachment files in e-mails before opening them. There are many different types of malicious code:

1. Virus: This is the most common type of malicious code. Viruses are also of various types. File viruses are viruses that infect files of a system and then keep on multiplying themselves whenever a user opens a file or access a file and therefore spread to all parts of a system and damage all files in a system. Such file viruses are the most common form of virus applications. Most file viruses are executable files. Other types of viruses attack the master boot record of the operating system thereby rendering the as useless. Some viruses are application specific like macro viruses that affect office applications.
2. Worm: A form of malicious code that affects networks. They have the capability to replicate themselves over a network and spreads very quickly from one machine to another in a network. Several highly publicized attacks have been reported.
3. Trojan: It is a stealth version of a malicious code. It seems like a good and trustworthy code on the surface but is actually a malicious code in reality? The easiest way to stop Trojans is to stop opening untrustworthy attachments and stop downloading and running freeware.
4. Logic bomb: This type of malicious code waits in a system for a trigger, like a particular date and time, to unleash damage. The code waits patiently and does not act malevolently until a particular data and time and after that due date and time, it would work in a malevolent manner by damaging the system and data.

Social engineering

This is another way of attacking a system. Social engineering is a set of techniques used to trick gullible users into parting with their critical information like username and password. The social engineering attacker uses the following human attributes to get access to critical data:

1. Most people trust others unless they are found untrustworthy. The attacker exploits this trait of human nature. For example, simple calls made ostensibly on behalf of a trustworthy organization like a bank would make us divulge a lot of critical information about our bank accounts.
2. The fear of getting into trouble is also another human trait that the attacker exploits. For example, a simple mail requesting you to give your password for better maintenance of your bank account may actually cause fear in your mind that if you do not divulge your password, maintenance will not be proper and hence some indeed do give away their password.
3. Preference for short cuts is another human trait that attackers exploit. Most people give passwords as nicknames or birth dates or name of their pets which can be easily cracked.

Thus, we can see that a skilled social engineer may be able to get critical data that will enable him to access the system without much trouble. Thus, this type of attack is a very serious threat that all must be careful about.

Some Top Hacking Incidents of All Time

1990s

Kevin Mitnick, a well known hacker, hacked into computer networks and systems of top telecom companies like Nokia, Fujitsu, Motorola, and Sun Microsystems. The incident caused a huge stir in the security establishment and Mitnick was arrested by the FBI in 1995, but later released on parole in 2000.

1995

A Russian hacker Vladimir Levin was the first hacker to hack into a bank to rob money. In early 1995, he hacked into a top US bank which had a very secure VAX VMS based system and robbed an estimated $10 million USD. He was later arrested.

1990

In 1990 a radio station in Los Angeles started a contest that awarded a Porsche for the 102nd caller. Kevin Paulson, a hacker took control of the entire city’s telephone network, and ensured that he is the 102nd caller, so that he get the prize. He was later arrested.

1996

Timothy Lloyd wrote a small piece of malicious software code that allowed a “logic bomb” to explode which deleted software worth $10 million USD.

1988

Robert Morris a Cornell University graduate launched a worm on the Internet that infected machines world wide and crashed thousands of machines.

1999

David Smith wrote and launched one of the most dreaded virus, Melissa that damaged machines worldwide.

2000

Mafia Boy hacked into the most popular sites on the Internet world, like eBay, Amazon and Yahoo and managed to engineer a Denial of Service attack.

The ISO/IEC 27001 definition of information defines information as an ‘asset’. Therefore, information is something that has value and requires to be protected against theft or destruction. In order to protect information from theft or destruction, all counter measures that are taken come under the purview of Information security measures. Information security is therefore defined as all steps taken by the organization to protect its information and information systems. The steps may be technical or managerial in nature and may involve automation or manual controls.

At the core of the concept of information security lies the concept of 4R which are

1. Right information-means that information has to be accurate and complete
2. Right people-means that information is available to the people who are authorized to receive it.
3. Right time-means information must be available to the authorized individual on demand.
4. Right format/form-means that information must be given in a format that makes some meaning. It has to be given in a format that makes decision-making easier.

If information has to be protected, the 4Rs must be applied properly, information and its value must be well understood and the threats to it must be analyzed in detail. Only then, can counter measures be taken to ensure that there is no deviation from the principles of the 4R, i.e., information confidentiality is maintained, information integrity is guaranteed, availability to authorized personnel is ensured on demand and the integrity of the formats of information storage and delivery are not tampered with.

However, there are risks to information assets. While some risks may be eliminated, some risks can only be minimized. Such risks are to be managed properly to ensure smooth functioning of the information infrastructure. From a security perspective, risks are potential issues and have to be understood carefully in order to come up with security counter measures that would minimize or eliminate the risk.

Risk may be defined by the formula as:

Risk =ƒ (Information asset value, threats, vulnerabilities)

As one can see, risk to an information system can be defined as a function of the asset value of the information, the threat to the information and its vulnerabilities. Risk can therefore be managed if we are able to manage the asset value, the threat to it and its vulnerabilities.

The risk management alternatives therefore are:

1. Risk reduction.
2. Risk acceptance.
3. Risk transference.
4. Risk avoidance.

Planning is the key to success in developing a good IS. IS planning brings to focus the reason for existence of the IS and helps the developers to undertake the task of development of IS in a structured manner. Organizations undertake planning for IS for several reasons. Typically IS, plans have a hierarchy with different levels of management handling different plans.

Strategic Information Systems Planning

This is the first plan of information systems within an organization. It is foremost for defining the role information systems will play in the overall scheme of things. Typically, top management formulates a charter for information systems or the CIO formulates the charter and gets approval of the top management. With the charter, the mission of information system in the organization is also formulated. Thereafter the constraints and environment in which IS is to be implemented is analyzed. In this, the strategic objectives, policies, human resource, maturity of IS usage of the organization and the present and future information needs of the organization in view of changes in technology is analyzed. Following the broad mission and analysis of environment and constraints, concrete objectives of information systems is laid down along with the plan of achieving the objectives. The plan will include broad guidelines on allocation of resources, mechanisms of control of the process of information system development and other guidelines for implementing the strategies of the plan.

Long Range Information System Planning

This is the second stage of planning done primarily to understand the user needs and objectives. This sort of plan does not go into project specific details but rather focuses on the expectations of users from the system. Typically, this kind of planning is done with a time horizon of five to ten years in mind. Broad characteristics of information systems based on the needs of the users are dealt with in this plan along with the technology trends in the information technology space and long-term objectives of the organization. The long-term plan requires greater detailing than a strategic plan and is normally prepared by senior executives in the organization which is then approved by the top management. Ideally, senior executives from different departments are involved in this process. The following step-wise course of action is normally taken to prepare a long-range information systems plan:

Collecting background data

All kinds of data that helps in creating a background or perspective for the planning with regard to the technology scenario, organization objectives, changing needs of the users, competition scenario, potential set of information services in future, availability of resources in future, suitability of organizational culture, etc., is collected and presented as a background.

Analyzing the broad long-term needs

Based on the prepared background, analysis of the overall long-term information system need of the organization is defined. This entails an analysis of demand on resources for such information systems and the means to provide them.

Developing the long-range plan document

Formally documenting the above steps into a plan of action results in the creation of this document. This document typically contains information about the objectives, resources to be made available for the IS, future trends in demand for information within the organization, risks and opportunities in developing the IS and organizational issues pertaining to installation of such IS.

The medium-range information systems planning

This is a very important plan for developing the IS. It looks to satisfy the present information needs of the organization by implementing a portfolio of projects. The planning time horizon is one to two years and the focus is on the present. It normally contains the plan of action for the portfolio of IS projects, resource requirements for each, procurement of necessary resources for implementing the projects, staffing needs analysis, budgeting and funding issues, priority setting of the projects under development. This process of planning, resulting in the information systems, master plan document containing details on:

1. The present IS situation with regard to usage, ·technology, work force and other resources.
2. Analysis of the present IS situation.
3. Plan of action including prioritization of projects aligns it with the long-term plan of IS.
4. Policies under several operational heads like training, procurement, hiring, outsourcing, and security are given in these documents.
5. Financial implications.
6. Risk to projects.
7. Process of development and present status of each project under development.

The short-range information system planning

The time horizon for such a plan ranges from a few months to a year. Operational details and short-term goals and objectives are detailed out in this document. Normally the personnel of the information systems department are involved in the preparation of such a plan. It includes maintenance plan for existing systems, development plans for top priority systems, technical support required for the development, operations plan, training plan, staffing plan and financial plan containing practices and procedures for relevant issues, all in the short term of about a year.

One has to plan the information which the management information system will churn out for the different levels of management. The report structures, information flow, storage, information capture and its strategy, network, applications and security are all planned and designed before the system is created.

Normally, the stages of MIS development conform to a stage-wise development approach, with planning of the system being the first activity followed by analysis and design which in turn is followed by coding, testing and implementation. However, even though the broad stages may be used for most MIS development, the order is sometimes tweaked. Each of the activities given above for development of MIS is a difficult and intellectually stimulating set of tasks requiring technical and managerial skills. In some of the activities, the users are actively involved in arriving at the design of the system.

Normally, the system analyst and his team will be responsible for the majority of the stages in developing the management information system. This is required as the development process requires knowledge of both management and technology which most line manager’s lack.

Planning for MIS is probably the most important task in the entire development process. It is the activity which if done wrongly may lead to huge cost and time overruns in the development process. The planning process involves amongst other things the aligning of objectives of an organization with the objectives of the MIS. This activity requires strategic management orientation and a macro view of the needs and growth aspirations of the organization among other skills as the system will have to be relevant to the organization in the near future. If the organization outgrows the MIS, then the MIS will have to be redeveloped. This being costly, in both time and financial dimensions is to be avoided.

However, before we embark on planning, we must have an understanding of what we are getting in to. For this, it is very important to understand that IS development for which the planning is being done can be difficult or easy depending on a few factors. If the IS development according to the assessment of the factors is easy, planning will be done accordingly and if the assessment of the factors is such that the IS development is likely to be difficult then planning has to be detailed and management has to be involved more in the planning process. The factors also must be explained to the top management and the possible difficult areas must be clearly identified and monitored in the entire development process. The planning for all this then becomes a part of the IS planning process.

Information systems development becomes easy if there is:

1. A supportive management with a positive attitude
2. The existing IS is adequate
3. The objectives for the new IS is good and clear

In such a scenario, the IS development becomes easy and the IS that is developed delivers value and becomes acceptable to employees easily. However, if any or all of the above factors are not in favor, i.e., management is not supportive or has a negative attitude towards IS or if the objectives of the new IS are bad or if the existing IS is inadequate or all of the factors are together not in favor, then the IS development becomes very difficult. One must factor in these issues before commencing with the information systems planning process.

The Process of Development of Information System: A Typical Software Development Life Cycle

The process of development of information systems in an organization may vary from case to case but ideally the stages of development can be clearly demarcated. The process of development of information system involves the following stages:

1. Planning-planning is required as without planning the outcome will be below expectations. Planning sets the objectives of the system in clear and unambiguous terms so that the developer may conform to a well laid set of deliverables rather than a high-sounding statement that may mean little to him. Planning also enables the development process to be structured so that logical methodology is used rather than working in fits and starts. It ensures user participation and helps in greater acceptability and a better outcome from the development process. It leads to a system that is well balanced in both the managerial and technical aspects.
2. Analysis-is an activity of technical representation of a system. Over the years many methods have been developed of which the structured analysis and object oriented analysis are most widely used. This step or activity is the first technical representation in abstract terms of the system.
3. Design-is the stage where the model or representation of an entity or a system is done (in detail). It is based on the idea that the developer will be able to develop a working system conforming to all the specifications of the design document which would satisfy the user. ·It is a concept which has been borrowed from other branches in engineering where the blueprint of a system or entity to be built later is first created on a piece of paper or digitally to help developers in conceptualization of the system and to understand the specifications of the system.
4. Coding-is the actual stage of writing codes to develop the application software according to the specifications as set by the design document. The programming done at this stage to build the system is dictated by the needs of the design specifications. The programmer cannot go beyond the design document.
5. Testing-is the testing of the system to check if the application is as per the set specification and to check whether the system will be able to function under actual load of data. The testing is also done to remove any bugs or errors in the code.
6. Implementation-is the stage when the system is deployed in the organization. This is a process which often is a difficult one as it involves some customization of the code to fit context specific information in the system.

Before commencing IS planning, one must also identify the need for new information system. The above figure gives a flow chart to find out if the existing IS is fulfilling the objectives of the organization with respect to IS. Sometimes, an existing IS can be tweaked or redesigned to align it with the changing objectives and business needs of the organization but sometimes, that become too costly or technically infeasible, in which case, one has to start the process for a new IS. The above flowchart also gives us a tool to use to understand whether our existing IS is relevant for our business operations.

The Strategic of information systems planning is explained below.

The Ad Doc Approach

This approach towards development of information systems is the worst possible approach as people in the development process are in the process of perpetual fire fighting. There in no plan available and the development work is carried out as per wises of the developer based on his understanding of what the needs of the user should be. The outcome of this kind of approach is a set of systems that are not synchronized or synergized into one system but a host of systems that work in isolation.

The Data Collection Approach

In this approach, all possible data about the need for the system and about the system is collected. This approach assumes that information systems are best developed based on data from all quarters. This results in lack of focus and understanding as the systems development process gets mired unnecessarily into other issues, like projecting the future information requirement in granular detail by the user.

The Organization Chart Approach

In this approach the information system is developed with the organization structure in mind. It assumes that information strictly flows on the basis of organizational structures. Junctions of information exchange are made on an ad hoc basis which complicates the flow of information and brings in redundancy in the system.

Now that we know how not to approach IS development in an organization, let us discuss the appropriate approaches for IS development.

The Top-down Approach

The top-down approach is used to develop IS with the objectives in focus. The objectives of the IS become the most important priority. The objectives are clearly defined in the first step, followed by identification of the activities of the organization. This in turn is followed by the third step in which the decision-making needs of managers within the organization are analyzed and the necessary information flow for facilitating information delivery to managers for decision-making is understood in detail. Once all the details are available, the application is developed. In this type of system the objectives become the mainstay of the system. However, for this kind of system, the requirements from the systems have to be clearly understood upfront to avoid any problems in the development process. This is because the strategy of development is such that the design is not adequately dynamic.

The Bottom-up Approach

In the bottom-up approach, we find out the type of information that is produced in the operational subsystem and then work backward to integrate this with the entire IS structure to have an organization wide impact. In this design, there is more flexibility to change the information system deliverables even during the development process as the individual subsystems are not designed according to the demands of the upper layers as in the case of top-down approach. On the contrary, here the upper layers are integrated with the lower layer subsystems to create the IS. Thus, bottom-up systems can expand in response to real-world changes and needs of the organization.

The degree of success of any information management initiative or intervention in an organization depends upon the approach of the management of the organization towards such an initiative. If the approach is short term and the benefits or objectives envisaged is too narrow, then the information system remains only of marginal value.

On the other hand if the management is fully convinced of the need for such a system and gives it wholehearted support and backing, then naturally the process of information system development is adhered to in a more comprehensive manner, with proper planning, listing of objectives, proper analysis and design and proper implementation. This result in a superior information system that can not only fulfill the information needs of the organization in the present but can also continue to serve the organization in times to come.

The objectives and deliverables planned for such a system is well structured and the user, i.e., the managers who are involved in the planning and designing stage of the development process of the information system. There is no gap in the expectations and deliverables. This means that there is no misunderstanding between what the managers want from the system and what the developer designs the system to deliver. This leads to greater acceptability of the system within the organization and leads to greater return on investment as far as the organization is concerned. The training required for the managers is also much less if they are involved in the process of development.

Also the role of the top management comes to a focus in the development process. The top management by giving its full support may choose to send a message to the entire organization that leads to greater acceptability of the system and a lesser resistance to change. If the top management is ambivalent, problems of acceptability and conflict arise. Information systems are known to cause conflict, resulting from a resistance to change of mindset amongst employees. This behavior may to an extent be controlled without human resource intervention if the top management support is not only given to the project but also made well known across the organization. This means that communication is needed for the system and the support of the top management should be well communicated to the employees to gain greater acceptability and a smooth transition.

Most organizations choose to outsource the work of development of information systems to specialized IT firms. This brings to the fore the necessity to control the outsourcing process. The problem with the strategy of outsourcing the development work of information systems is that the outsourced agency may not understand the specific internal requirements of the organization. Specialized IT consulting firms are available to control this process on behalf of the organization. Typically, the IT consulting firm studies the needs of the organization and prepares a design document in consultation with the users, i.e., the managers of the organization and then the IT development firm develops the system by adhering to the design. Suitable control is exercised by the organization in which this information system will be implemented in the form of discussions, ratification of prototypes, etc., along with controls exercised by the IT consulting firm like comparison of design with the actual development. This ensures that the product is prepared as per plan and that any deviations are noticed during the development stage and not during the implementation stage. This ensures that corrective measures can be taken to rectify the mistakes, if any, without much on cost or time.

In some cases, the organization may choose to develop the information system with its own resources. This is difficult as in today’s world the technological development has been sogreat in these areas of information technology and communication technology that it may be almost impossible for normal organizations, i.e., whose main job is not IT consulting or IT development to garner the technical expertise of an IT development firm and then develop a system from scratch. This will not only be very costly for the organization but may lead to unreliable results. In such a case, the managerial objectives will be clear and well adhered to but the technical objectives may suffer.

Several categories of IS and BS relationships exit. Primarily, such relationships indicate the extent of maturity of an organization in the use of IS. An organization that uses IS for bringing in efficiency in its business processes is looking at IS from a different prism than an organization that is looking at IS to provide it with insights on how to be more competitive. The organizations are at different levels of maturity.

Using IS to Reduce Costs

Organizations use IS to bring in greater efficiency in their business processes to reduce cost of operations thereby also reducing the cost of offerings. Such a strategy of using IS with the motive of cost control alone takes a narrow view of the capability of IS in the overall scheme of doing business. In this case, IS follows the business strategy of cost reduction. Indeed IS are used as a weapon to implement the business strategy. IS in such organizations are structured and focused on delivering greater efficiency to the organization by streamlining the processes but is not tailored to provide the management of the organization.

Using IS to Differentiate Products and Services

Organizations at a higher maturity level of information system use it for creating a competitive advantage by helping organizations to take decisions that help in differentiation of products and services from their competitors. Organizations like Capital One, Google and NetFlix use the power of information to the fullest. They derive predictive value which enables them to be always one step ahead of competition as they are able to predict the direction of the market and differentiate their offerings to suit the market needs. They keep their ears close to the market pulse with the help of IS. They regularly check their own transaction data to see the emerging or changing patterns of customers who might help them to offer a new product or service to differentiate their offering. This requires complete top management support and a holistic approach towards IS. When the management is convinced of the benefits of IS and the organization as a whole has reached a degree of maturity in dealing with IS, then these kind of linkage with strategy and IS is possible.

Using IS to Focus on a Particular Market Segment

This is another example of IS being used in isolation. Organizations use IS to keep track of a particular segment of market which interests them. This sometimes requires integration of IS with external data sources.

Using IS to Build Stronger Linkages

IS can be an important tool to maintain linkages with your own network of suppliers and customers as the vendor relationship management systems run on this premise. A strong and reliable IS linking the organization with its business relations, like vendors, customers and regulators leads to better communication and understanding between the different business entities. This is another role in which IS is now being significantly used-the role of networking. In this role, IS is used more as a medium of communication rather than a decision support tools. In this role IS works as a source that determines the information flow among different business entities.

Using IS for Information, Knowledge and Leadership

IS can be used in itself as a strategy to provide the organization with information and knowledge leadership. The speed and insights provided by IS results in faster turnaround times for new products and services. Leadership in IS results in quicker and more incisive insights reaching the market from the organization. As Rand D times reduce, customer preference is easily mapped and organization is lean and always geared to manage change. This gives a strategic advantage to a firm.

Information systems when used for providing information to managers for their decision-making needs become a management information system. The goal of such information systems is to provide relevant information to management so that it helps in its functioning.

Since decision-making is the most important task performed by the management at different levels, information that helps managers to take decisions is the most important objective of any management information system. Other information that is relevant for managers in helping them in their planning, controlling, organizing and directing activity is the secondary objective of any MIS.

However, an information system is normally not dynamic enough to alter itself to a degree that it can handle changing requirements from users. Hence, information systems are planned to take care of every possible eventuality as far as type of information is concerned. Management may require diverse types and combination of information and this is factored in the planning process. The system is planned in a way that it can handle future new requirements of information from managers.

The business strategy of the company is very important in planning for information systems. The information systems plan is drawn up in a way that it supports the strategic objectives of the organization even in the near future. It is for this reason that the strategic role of information system has to be clearly defined in the planning processes itself.

What is Information System Strategy?

The information required to support business strategy and the development of information systems relevant to providing such information needs to be planned and fitted with each other. This alignment of business strategy with IS results in information systems strategy. It is a continuous process that helps the IS support structure to continuously remain relevant for any organization’s strategic goals and objectives.

Information System Infusion and Diffusion

Information systems can have the effects of infusion of diffusion in an organization. If the diffusion and infusion is low, information systems will be used only in silos for data processing. If diffusion is high and infusion is low then we will have a decentralized information system. If infusion is high and diffusion low, we will have information systems that are critical to operations only. However, if both diffusion and infusion is high, our information system will give us strategic and competitive advantage.

How can IS be Used Strategically

In the absence of a cogent strategy for IS, it will deliver information that may be of little strategic value. Moreover, operationally the different technology platforms used, different systems that make up the entire information systems of an organization may not work in a synchronized manner unless all the systems and technology conform to a bigger strategic vision. Incompatibility will be the rule rather than the exception. Business goals and objectives will not be largely affected (positively or negatively) by such direction less IS. Opportunities will be missed. With a tactical focus IS cannot deliver strategic value to organizations. IS therefore must have a strategic focus. It must be closely aligned with business strategy and must be driven by business needs rather than technological possibilities. It should be integrated with the organizational strategy to deliver information that helps management to beat competition and thereby use IS as a tool for competitive advantage. IS in such a case has to deliver predictive insights into business issues.

Why we need a strategic Approach to Information Systems

If we analyze the history of information systems and how they have been put to use in organizations, then we get to see three eras (Ward 1990). In the initial or first era, information systems were primarily used as data processing tools and the focus was improving efficiency of repetitive work by automating such data processing and back office work. In the second era, management information systems were the rage. MIS focused on improving information flow within the organization so that the right person gets the right information. Essentially, MIS was used as a reporting aid and thus by definition, reactive in nature. The third era of information systems is dominated by strategic information systems which work as a game changer in a competitive environment providing the organization with the upper hand. The focus in these kinds of IS is IT applications for predictive insights into the competitive market conditions and other strategic goals of the organization. In the present date, this kind of IS finds acceptability and is used extensively in the corporate world. The table below clearly lays down the differentiating characteristics of the different eras of IS.

                                   Strategy 1: Different Eras of Information Systems

Unless information systems fit into the broad strategy of the firm, it is likely to generate suboptimal results for the firm. The true potential of information systems can only be realized if the organization adopts a strategic approach towards the information system resource. IS in this regard should be considered as an asset that can provide insights that help in improving the business of the firm in any manner rather than as an expense (to get information about one’s own organization). Actually, IS should fit into the strategy of the firm and help in achieving the strategic objectives.

Information system needs a strategic orientation as without such orientation the will lose focus. More focus is given to technology whereas business needs are its primary focus. The strategic orientation of information systems helps it to have definable goals and objectives itself.

Information systems can be used strategically to:

1. Improve integration or process within the organization. This helps in improving overall efficiency and performance.
2. Link the organization with customers and suppliers. This ensures that the reaction time for the organization is low and that effectiveness of the firm improves.
3. To provide top executives with critical information about the organization. This helps in better management as information flow improves and leads to better decision-making.
4. To enable improvement in products and services. This helps in the competitiveness of the firm.

Use of Information Systems by Different Category of Companies

Information systems are used by different companies in different ways. One of the ways to find the use of information system in organizations is to use the BCG matrix. The use and adoption of information systems depends upon where they lie in the BCG matrix. Star companies use IS to improve products and services and for innovation, while, Dog companies use it for support and cost reduction only. Cash Cow companies use it to improve productivity and Wild cats use it for insights and differentiation.

McKinsey developed this model in the 1970’s to determine the ease or ability of an organization to adapt to change. The primary focus of this model is on coordination. It is an excellent tool for self-diagnosis of problems by organization as it clearly bares the problem areas of the organization and highlights them. Even though it was proposed in the 1970’s, it still has some use in today’s ever changing organizations. The component elements of this model are:

1. Style-the first constituent element of this model is the style of functioning of the organization, its organizational culture and climate.
2. Skills-the second element is the skill set of the organization and its people.
3. System-is the third element of the model. The processes and systems make the organization which are used to maintain control and used for directing.
4. Structure-is the fourth element of this model. It refers to the structure of the organization, i.e., rigid or flexible. It also indicates the powers of the executives and the channels through which the power is to be exercised.
5. Staff-is the fifth constituent of the model and it refers to the employees of the organization.
6. Strategy-is the sixth element and it stands for the activities that the organization indulges in for gaining competitive advantage in the market.
7. Shared value-is the seventh and last element of the model and it refers to the common set of values that each employee of the organization stands for. This has today gained importance in view of the series of corporate governance challenges that are being faced by the companies.

Information is required in both strategy planning and strategy implementation. Without the right information about opportunities, threats, markets and changes in business environment, competitors and their plans, the organization’s own strengths and weaknesses and government guidelines and polices, business strategy can neither be planned nor the planning be implemented with elan. Information thus plays a very crucial role in strategy. This fact was however ignored by the top management until the mid-nineties when top executives began to realize the connection and the potential to leverage information systems for strategy development and implementation. Today in most organizations there is a buy in by top management on this linkage between strategy and information systems. In fact, information systems are now being developed in a way that they are aligned to the strategy and help in its planning and implementation. Thus, a new concept of strategic information systems has developed. New developments in the field of information management and information systems have contributed to the development of this area.

BCG Matrix is a simple tool. This tool is mostly used to understand and analyze business units and product lines. It was developed by Brucy Henderson of Boston Consulting Group. It is a powerful tool which can be used for resource allocation decisions in strategic management. Given below is a figure that represents the basic contours of a BCG matrix. This tool places business units/products/brands within four quadrants, based on their relative market share and market growth.

The names of the quadrants are ‘Star’, ‘Question Mark’, ‘Cash Cow’ and ‘Dog’. Each quadrant represents some unique characteristics. These are given below:

1. Star-these are units in fast growing industries and have large market share. They require cash for growth as they are net balanced in cash flows. It is hoped that they would become cash cows.
2. Cash cows-these are units in a slow growing industry but have large market share. They are cash flow positive and are considered to be great assets. Investment required in such units is low but output of these units in terms of profits and cash flow is high.
3. Dogs-these are the units in a slow growing industry that also have low market share. They break-even and are ideal candidates for being sold off. They are considered to be poor assets.
4. Question mark-these are units which though in growing markets have low market share. They consume a large amount of cash for expansion and are typically not in a position to generate large cash flows. Hence, they are cash negative. They can become dogs and hence the companies should either invest heavily in such units or sell them off.

The subject of information management is however distinct from information technology, even though there is a lot of dependence on information technology to manage information.

When the realization dawned on management thinkers that information can also be regarded as a key resource, they were faced with the issue of managing it because information can only be a resource if it lends itself to processing that includes one or more of the following operations,

1. Recording-transaction level data is saved in a proper format for retrieval later.
2. Sorting, merging and sequencing-ordering and sequencing the data in records.
3. Analyzing-analyzing the data using any analysis methodology like summarization, or clustering.
4. Retrieving-cutting out information from huge data repositories.
5. Reproducing-generating information again and again.
6. Visualizing-providing information in a visually stimulating manner.

Moreover, gathering information is another complex task involving the capture and storage of transactions in databases which have to be designed suitably and then accessing this data repository using networks. The visualization aspect or the output of the data is in itself another complex operation involving query optimization, graphics, analysis and modeling of information.

Information technology is a term used to refer to the basket of technologies, like networking, communication, database management, application software, computer hardware and system software, graphical display and internet enabled technologies. The scope of IT in organizations may be termed as:

1. IT platform which is the hardware and software infrastructure of the organization.
2. Information reaches which is the ability of the organization’s IT platform to reach out and capture information both within and outside the organization.
3. Information range which is the diverse type of information and related services that the IT platform allows the managers to access in the organization.

Organizations use several types of information systems to suit their needs. The various types of information systems that an organization uses may be classified into the following categories:

1. Office automation systems
2. Transaction processing system
3. Decision support systems
4. Executive information systems
5. Business expert system

Apart from these broad classes of information systems, organizations also use specific information systems for some special tasks like executive information system, enterprise (wide) resource planning systems, customer relationship management systems and supply chain management system. These systems also fall under the above broad classification.

Office Automation Systems

This type of information system aids in automating office tasks. They have a limited role in decision-making and are more useful for operational level people. The information coming out of this kind of system can be used for rule-based decision-making for managers at the operational level. These systems however play an important role in automating several functions of an office and thus help in creating paperless offices. These kinds of systems help in increasing the productivity and efficiency of the office workforce by automating simple tasks. These systems mostly deal with operational data. More and more modern businesses are opting for this paperless office environment as this brings in the following unique advantages for the business:

1. Office work becomes faster and process driven.
2. All basic level data is digitized and stored for future action.

An example of office automation system is the office suite of software that helps in automating simple office tasks like presentations and documentation. Sometimes we also come across a class of systems called the operations support system (OSS). OSS also work with the lowest levl31of management is ensuring that the operations of the firm are performed smoothly. OSS can be very different from Office Automation System even though they both help bottom level managers, in term of the information complexity involved.

Transaction Processing System

This type of system is critical to the smooth functioning of an organization. The objective of this kind of system is to capture all transaction related data between the organization and its external and internal customers. Typically, these transaction level data are stored in a pre-formatted manner in a relational database for further action in future. TPS is the most widely used form of information systems as they provide the management with the flexibility of storing data in a structured manner and retrieving it at a later date using a query facility. The system also helps in aggregating and summarizing the data for creating of management reports. These reports are further improved by using visualization tools that help the management in understanding situations and scenarios better. These systems deal with tactical data from within the organization.

An example of TPS would be the sales management system with a relational database management system at the server side back end and a customized front end to interact with the users.

Decision Support Systems

Decision support systems help senior management to take strategic decisions. Contrary to the other systems, decision support systems are developed with the objective of providing the users (top management personnel) with unstructured information. These systems help the management to develop ‘what if analysis’ so that different scenarios can be developed for decision-making. Decision support systems deal with both internal and external data. Such systems are custom built with features like business dashboard and scenario panel.

Such systems are complex with working models (internal) on the data to provide the senior managers with decision support. Unlike transaction processing systems, these systems are not query dependent only. Their main role is to access data from a data repository and then pass that data through a model (mathematical, heuristic, statistical, econometric, operations research and combinatorial), so that the senior management can take better decisions by doing either ‘what if analysis’ and scenario building or by doing ‘predictive analysis’ to get some insight into a business issue. Such systems are very costly to build and require advanced analytics tools.

Executive Support System

Executive support system is also known as the executive information (support) system. It began to gain acceptance in the mid-eighties in large corporations and is now used even is smaller corporations. In functionality, it is nearer to decision support systems than management information systems. Its main objectives are to provide a macro-organization wide view for senior executives, by providing a very user-friendly user-interface so that proactive steps may be taken to beat competition. It provides timely and proactive organization tracking and control. It is able to perform these tasks by providing fast access to all type of data and by filtering and tracking critical data and information. It helps to identify problems and opportunities and thus, helps senior executives to troubleshoot problems and take advantage of opportunities.

Business Expert System

Some business scenarios are so complex that they require the help of advanced systems that can provide expert solutions. These systems use artificial intelligence and neutral networks to reach the performance level of a human expert thereby helping the organization. These systems are different from any other information system as they are capable of decision-making by themselves without human intervention. Actually, these systems are loaded with the knowledge of experts and these systems simply simulate the expert knowledge to arrive at decisions.

A modern manager is a person who does the most important task within an organization taking decisions. However, we can categorize his tasks among the categories of staffing, planning, controlling, organizing and leading. We would have to say that different managers at different levels spend different amounts of time and effort in each of these categories of activities.

Even though, most managers would be required to perform all the activities in their own domain of influence. For performing his tasks in each of the activities that have been mentioned above the manager needs information. Without information he cannot perform his work in any of the activities of planning, organizing, directing or controlling.

For example, a manager when performing the task of planning would need to know many things. Some of the issues in a generic manner that he needs to be aware of are the following:

1. What is the objective for the plan?
2. What are the parameters that need special attention while planning?
3. What are the independent variables and what are the dependencies?
4. What are the things one must be careful of to ensure that the plan is realistic?
5. What is the context under which the planning is done?
6. What are the key issues related to the plan.
7. Who are the key people involved and affected by the plan?

The answer to all these questions will be required for the manager to come up with a suitable plan. However, each question even when considering from a generic sense would have several questions/issues embedded in it. As we can see a vast amount of information is required to even set the process of planning into motion. A manager in today’s modern competitive business environment may not be fully aware of all the issues and might not be personally aware of the information against each issue. This is the reason that makes the manager to rely on some system to provide him with this necessary information, Management information system bridges this gap by providing the manager with all the necessary information from different angles thereby making the task of the manager easier. The same is the case when the manager is performing tasks in organizing, directing or controlling. In each sphere of activity, the manager needs information such as in the case of planning. Normally, the means to get the information is through reports. Reports are formatted documents which arrange information in such a manner that the manager understands the meaning of the information being provided in the document easily and without any further analysis. Visualization of data and information is a common tool used to make the report easily understandable and to provide mangers with the insight on a particular issue. Visualization can be done in several ways. The easiest way to attain visualization is to use graphs in reports. A pictorial representation of data in the form of a graph conveys greater meaning to the manager than data being presented in plain text. Hence, reports have a bias towards graphical representation. Moreover, the pre-formatted nature of the report called the report structure helps the manager to access the information that he is looking for faster. He knows what information is available in which part of the report and can save time by accessing the particular portion of the report that he needs. This is another feature of report.

Role of CIO

Chief Information Officer is the head of the MIS department. He is responsible for the entire department. The CIO’s job is to ensure that the managers get the information they are looking for.

The key tasks that the CIO performs are:

1. Ensuring that the MIS is managed properly. He creates and manages a team of people who are entrusted with the task on managing the system.
2. Create security policy. He creates the security policy in consultation with the top management and decides on the type of information to give to different classes of employees.
3. Limits the access of employees. In a centralized MIS environment all data is located in one place. If everyone accesses all kinds of information it will lead to chaos and confusion. The CIO in consultation with department heads decides on the type of access to be given to each class of employees in the organization.

The key skills required for a CIO are:

1. Interpersonal skills. The CIO needs to interact with managers who are not fully aware of the complexities and possibilities on information systems. This leads to complications and conflicts. The CIO needs all the interpersonal skills to remain effective. He needs to be a good communicator to be able to connect to people to make them understand the limits of the system and understand their needs. He needs to be a good negotiator to negotiate conflict issues and resolve them. He needs to be a good manager to manage the diverse set of activities under his domain.
2. Technical skills. The CIO needs to have technical skills as well as the ability perform particularly with respect to database management and system administration. The CIO needs to be technically competent to retain control over his team and to suggest solutions to his team in times of crisis.

The common thread of activity in all the management functions is information management. Every manager today has to manage loads of information some for the purpose of reporting and some for taking actionable decisions. A marketing manager trying to fine-tune a sales strategy would be doing it only after analyzing a lot of relevant information about the market, the customer profile, the product profile and competitor’s pricing strategy.

Similarly, a human resource manager trying to recruit someone for the organization would do a lot of information analysis regarding the job profile, suitability of the candidate for the job, the job market dynamics, etc. The competitive environment that exists in today’s time makes this task of management even more challenging. Decisions have to be taken very fast and after analyzing a lot of data.

It is precisely due to these reasons8 that more and more information technology (IT) intervention is being used in modern management functions. However, Information managementusing technology has itself transformed dramatically over the years. From being just a support function it has become a key resource for gaining competitive advantage.

More and more corporations are investing in acquiring the latest management information system tools like enterprise (wide) resource planning (ERP), customer relationship management (CRM), knowledge management (KM), decision support system (055), business intelligence (81) suites data warehouse (OW) facility as they are convinced of the benefits of such huge investments.

Information Needs for the Different Levels of Management

Even though the broad objectives of management as an entity may be same, like increasing shareholder value, it is by no means a monolithic entity. As has already been discussed, there are different levels of management and each performs its specific purpose. The top level deals with strategy, the middle level with tactical issues and the bottom level with operational issues. The top level that deals with strategy will be taking strategic decisions, middle level will take tactical decisions and entry level will take operational decisions. Now in order to take such decisions, contextual information will need to be provided.

                            Information Needs of Different Levels of Management

A manager at the top level who is deciding on the location of a new factory of the organization has strategic consideration like the labor costs of the location, proximity of the location to the market and long-term growth prospects in mind. He/she is not bothered about the shop floor level operational details like the reason for absence of a worker. He/she will have a strategic view and would need only such information that helps him to take correct decisions. Information is only a resource to him if it can help him to improve the quality of his strategic decision-making. Similarly for other tiers, information is only a resource if one can derive value from it.

Information Management

The business of information which is today a multibillion dollar industry first started when a firm called Bloomberg started compiling important information about US companies and their balance sheets and selling them to stock brokers. This was the first open trade in information as a resource in modern times. From then on, information (external) has been regarded as a resource that is traded10 sometimes freely and openly as in published literature and sometimes clandestinely in the form of corporate intelligence reports. Also, internal information is seen as equally valuable and every effort is made to derive more value from it and to ensure that this internal information does not find its way outside the organization.

The idea of information management is based on the fundamental premise that information is a resource that is valuable for an organization. The entire subject of information management is about how to derive more and more value from this precious resource. However, unlike most other resources that have to be procured from the outside environment, most information resource is available within the organization if an effort has been made for its safekeeping. Detailed logs of transactions of an organization with its external and internal customers over a period mostly form the basic ingredient of a good quality information resource. This basic information repository is then drilled and analyzed for actionable information, this is one aspect of information management in which strategies are used to derive greater value from the internal repository of data and information. The other aspect of information management is to ensure that this internal information is not ‘leaked’ to the outside world of competitors.

In order to understand the importance of MIS one must understand and appreciate the role that MIS plays in an organization. An organization may be conceived in a lot of ways. One can visualize an organization as a balance sheet or a function of financial statements, i.e., as a financial entity or as an organization chart delineating the decision-making hierarchy levels and formal communication channels. While both views are correct, the latter view is more appropriate for understanding an organization’s MIS.

Anthony in his seminal work elaborated (R.A. Anthony 1965) on this view of an organization as its hierarchy of decision-making. He focused on the managerial aspects of an organization and classified the management process into three distinct levels.

Strategic Planning

This requires focusing on the objectives and goals of the organization, on changes in the objectives, on the resource requirements to fulfill the objectives and on the guiding principles and policies that will govern the acquisition, use and disposal of resources to attain the objectives. In short, this role is the most important role in the management hierarchy and the decisions taken by managers in this role have a far-reaching impact on the organization. Managers in this role set the direction in which the organization will travel. In terms of hierarchy, this lies at the top.

Managerial Control

This requires that resources are acquired and used effectively and efficiently to attain the objectives of the organization. This is a middle management role. Managers in this role take guidance from the strategic planning hierarchy and control the activities of the organization such that the goals set by the higher level are attained in an efficient and effective manner. The impact of the decisions of the managers in this role is medium term and degree.

Operational Control

This requires that directives as set by the immediate higher hierarchy is followed and that specific task/s are carried out effectively and efficiently. The decisions at this level have very little impact on the organization. The organization behaves in a routine nature where the parameters of the decision-making process are well laid and certain.

Anthony’s idea of an organization’s hierarchy from the perspective of managerial activities. As is clear, it is a three-level pyramid with very distinct levels. Each level has its own set of tasks and decisions to take which have a varying impact on the organization as a whole.

                                                Management Levels in Organizations

For example, if we want to classify the decisions of a manufacturing firm, the strategic planning will encompass the annual production planning, annual budgeting, setting up of new plants and/or installation of new machinery to upgrade the production process and other such activities. Management control activities would include monthly production planning, maintenance planning and scheduling. Operational control on the other will deal with routine daily tasks of managing and supervising shifts to exercise control over the process so that the monthly plans and schedules as made by the management control level managers are met.

Information systems cannot deliver value from the first day in an organization. The organization needs time and maturity to be able to leverage the information system. Various organizations are at different levels of maturity in dealing with information systems. Nolan has provided a model for such information systems using maturity in organizations. However, empirical evidence is not available in favor of such models but intuitively, it seems correct. To leverage the benefits of information, an organization has to first appreciate the usefulness of information. This requires a change in the mindset and way of working. Organization culture needs to change to accommodate this kind of information-based working. Changing organizations takes time and hence, organizations pass through stages of maturity in dealing with information systems.

Nolan’s Six-stage Model

One of the stages of growth model, helping in the understanding of the role of information systems, in an organization’s strategy and its maturity. Earlier, in a similar model called the four-stage growth model the maturity of an organization was captured in terms of use of information systems. The stages are,

1. Initiation-in which the primary focus is cost reduction and only specialized applications are run with a specialized staff. Management in not very keen on monitoring the information system.
2. Expansion-in which application increase rapidly. Specialization of staff and applications is the order of the day. Management begins to take note of the new way of doing things.
3. Formalization-in which emphasis is laid on control and specialization, is built around control. Management controls information systems.
4. Maturity-in which database oriented applications proliferate. Information is used as a resource.

                                                                            Nolan’s Stages of Growth Model

Nolan (1979) indicated that there are six stages in the information system evolutionary process. It is an improvement over the four-stage model. The stages are:

1. Initiation- in which the organization has an operational focus and tries to get operational efficiency and thereby limited value from the information systems.
2. Contagion-in which the organization moves towards online systems after having tasted success in the initiation stage. More users are added.
3. Control-in which the management exercises control and makes a cost-benefit type of assessment.
4. Integration-in which the organization moves away from an ad hoc isolated solutions based on information system to a service based information system. This is the stage when the organization transitions from a data processing outlook about information systems to more holistic information-based decision-making approach towards information systems. A more comprehensive approach towards information systems results in changes in the organization’s behavior towards information systems and initiates a new appreciation for data and information.
5. Data administration-in which the organization begins to appreciate the value of information and makes efforts to centralize the data management to take advantage of the benefits of information based decision-making.
6. Maturity-in which the organization creates synergies in its corporate objectives and information systems planning so that the two can work in a synchronized manner.

These are the stages as Nolan has described in this research. However, no empirical proof exists of this stage growth model of information system maturity.

Information system is a special type of system that allows storage, retrieval and processing of data in a secure environment. Logically the major sub systems of information systems are:

Data Repository

This is a subsystem which is at the core of any information system. Mostly this is a relational database management system that has pre-formatted and structured tables for storage of data. These structures are arranged in a way that helps in faster storage and retrieval of such data with adequate security.

User Interface

This subsystem handles the interaction of the system with the user (human) and hence it has to take care of issues related to the display of data on an output medium. This can be either graphical or character-based depending on the level of ease offered to the user.

Network

This subsystem ensures communication between the different entities of an information system. It is crucial for functioning of an information system.

Computer Hardware

One needs IT infrastructure to use information systems in an effective manner. Almost all the components of an information system are housed in some kind of computer hardware enabling it to perform the tasks better. For example, an algorithm to find the lowest of three numbers can also be calculated manually but under a computerized system, it will be much faster and efficient.

System Software

Some basic software is required just like computer hardware for efficient functioning of information systems. The system software does not directly aid in the functionality of information systems but work as enablers. Examples would include operating systems.

Input/Output

Sometimes this is clubbed with the user interface to suggest that I/O functions are handled by UI alone. However, in some systems I/O may be user independent like when an alert is activated, the input for the alert comes from some other system input rather than a user.

Business Rule (Process)

This is a set of rules that governs how a system should function to mimic the real business process.

Algorithm/Program/ Application Software

This is the actual invisible component that integrates all the components. The logic (business rule), is defined in the program (embedded in it) which enables the functioning of the information system for some specific purpose.

All the above components work in concert to make a functional information system.

Management is the often unseen force that helps bind an entire organization and helps it to achieve its objectives by conducting the activities of planning, directing, organizing and controlling. In an organization the structure of management conforms to the pattern of a pyramidal structure (in most cases) with a well-defined hierarchy.

This hierarchy in the management with an increasing authority and responsibility as one rises up the pyramid has to be understood before a suitable MIS is designed for the organization. Management deals with organizational functions. Managers are the people who drive an organization by planning for its future, organizing and controlling its present and directing others in the organization to work towards a common objective. However, strictly speaking, in functional terms, management is all about taking decisions. In fact, the only attribute, which distinguishes a manager from the rest of people in the organization, is the manager’s ability to take decisions.

However, decision cannot be taken in isolation. Even simple decisions require information as an input.These decision requirements fuel an insatiable need for information within the organization. This information need is met by a set of information systems working in a synchronized manner, which is collectively called management information system (MIS). The competitive environment of today’s business necessitates that the MIS of any modern organization works on an information technology platform and that suitable information is delivered to the right person at the right time. Information systemscan be theoretically even manual systems but for all practical purposes3, information systems in today’s organizations are based on information technology platforms. Therefore, such information systems are expensive to acquire and maintain. The cost of their failure is even more expensive for the organization as lack of information may cause havoc within the organization. Thus, almost all business organizations have an information technology enabled information system.

Information systems are of different types catering to different user classes. Information systems that cater to the needs of management are the focus in this chapter. These systems are broadly called management information systems if they conform to some specifications. These management information systems can be created from scratch or can be acquired off the shelf and then customized to fit the needs of the organization. Contribution to MIS literature (Anthony 1965) by developing a framework for management information systems in organizations, that remains largely valid. The framework under which management works is also important from the point of view of MIS as MIS is a support function. MIS in an organization is also dependent on the role played by some key personnel like CIOand the system analyst. We shall look into these aspects in detail in this chapter.

Information Systems: Definition and Characteristics

The role of information in enhancing the competitiveness of an organization has been known in management circles for quite some time now. A former Chairman and CEO of Citicorp, Walter B Wristoncommented on information systems and their value to organizations more than two decades back saying,

‘Timely information has always conferred power, both in the commercial and in the political marketplace. But as the availability and timeliness of information continues to increase, some of the more traditional sources of power (e.g., natural resources), are declining. Today, management structures are being flattened and sharply reduced by those who really understand the impact of technology on business. The need for layers of management is being reduced everywhere, when information becomes available to more and more people at all levels at a faster rate; One of our leadership tasks is to design … databases which are important for our own business Anything that enhances the value of a company’s data and makes it more available to executives who lack computer skills in general, cannot help but improve the performance of our companies. Corporations may have to develop a formal information strategy, or a formal financial strategy. As all successful companies are market driven, timely access to market information must not only be out in place, but it has to be linked to the internal MIS system.’

According to (Orlikowski 1992), ‘Nothing is more central to an organization’s effectiveness than its ability to transmit accurate, relevant and understandable information amongst its employees. All of the advantages of an organization’s economy of scale, financial and technical resources, diverse talents and contacts are of no practical value if the organization’s employees are unaware of what other employees require of them’.

Information systems come a long way. Over the years, their role in the organization has increased and their importance understood and valued by all. They have become sophisticated and now offer a variety of benefits to organizations. They deliver value by enhancing the organization’s internal communication channels, extending suitable information to managers to help them take decisions, help in decision-making of top level management by simulating different scenarios, assisting in routine office tasks by automating them, capturing, stores and mapping all transactions between the organization and its internal and external customers. In short, in an organization they are all pervasive and offer tremendous value. This is evident from the enormous investments in information systems by most business organizations. Let us now formally define information systems and its related concepts.

Information System

Information systems are a special class of systems whose main objective is to store, retrieve and process, communicate and secure data. Information systems which help management at different levels to take suitable decisions are called management information systems. Typically information systems are housed in a computerized environment/platform to enable users to get faster and accurate information.

Information Systems over the Years

Information systems have themselves had a remarkable transformation in the last forty years of their existence. Initially information systems were designed to perform a specific task. The objective here in this type of system was to perform a task as quickly as possible with the minimum number of errors. The concept of using information systems for taking decisions had not been thought of yet. Organizations used information systems for data processing work only. Be it salary processing or bill processing, information systems of those times were focused on efficiency of operation. The people who worked on these systems had knowledge about the system and the user interface of the systems was very basic (character user interface). The output was in the form of output like salary slips, etc. Processing the data in the most efficient way was the prime focus of such systems. Most of these systems used file based data storage systems on which a computer programme would work, i.e., the computer programme would be able to access the data and organize it but it would store the data in a file. The problem with this type of system was that it led to replication of data and loss of consistency. Most of these system used COBOL computer programming language for such applications. The management of data and records in such files led to the development of important file management concepts like indexing.

Over the years, information systems have changed. Now more focus is on helping the management by providing information useful for decision-making. Data processing systems have become obsolete. Presently, focus is on delivering the right information to the right people at the right time. Information systems have become faster, more accurate and user friendly so that anyone can use it. The people who work on information systems nowadays are not knowledgeable about systems per se. They are normal users. The systems have become so friendly that they do not require users to be specialists in information systems to use them. Newer concepts have emerged in the information systems space to help organizations get better value for their money. Concepts like client server architecture, networking, distributed computing, centralized database, graphical user interface, and Internet have completely changed the information system space. Gone are the bulky mainframe systems requiring loads of money to procure and run. Now more money is required to procure the software than the hardware.

Systems approach is widely used in problem solving in different contexts. Researchers in the field of science and technology have used it for quite some time now. Business problems can also be analyzed and solved using this approach. The following steps are required for this:

Defining the Problem

This is the step when the problem has to be defined. Sometimes one may confuse the symptoms or the exhibition of a behavior to be a problem but actually it may only be a symptom of a larger malaise. It may just exhibit the behavior of a larger phenomenon. It is vital to drill deep into an issue and clearly understand the problem rather than having a superficial understanding of the problem. One must appreciate that this in the initial stage of problem solving and if the problem itself is not correctly diagnosed then the solution will obviously be wrong. Systems approach is therefore used to understand the problem in granular detail to establish requirement and objectives in-depth. By using the systems approach the problem will be analyzed in its totality with inherent elements and their interrelationships and therefore this detailed analysis will bring out the actual problem and separate out the symptom from it.

Developing Alternative Solutions

This the logical next step in the systems approaches for problem solving. In this stage alternative solutions are generated. This requires creativity and innovation. In this stage-the analyst uses creativity to come up with possible solutions to the problem. Typically in this stage only the outline of solutions are generated rather than the actual solutions.

Selecting a Solution

In this step, the solution that suits the requirement and objectives in the most comprehensive manner is selected as the ‘best’ solution. This is done after evaluating all the possible solutions and then comparing the possible set of solutions to find the most suitable solution lot of mathematical, financial and technical models is used to select the most appropriate solution.

Designing the Solution

Once the most appropriate solution is chosen, it is then made into a design document to give it the shape of an actionable solution, as in the evaluation stage, only the outline of the solution is used. At this stage the details of the solution are worked out to create the blueprint for the solution. Several design diagrams are used to prepare the design document. At this stage the requirement specifications are again compared with the solution design to double check the suitability of the solution for the problem.

Implementing the Solution

It is the next step in the process. The solution that has been designed is implemented as per the specifications -laid down in the design document. During implementation care is taken to ensure that there are no deviations from the design.

Reviewing the Solution

This is the final step in the problem solving process where the review of the impact of the solution is noted. This is a stage for finding out if the desired result has been achieved that was set out.

A Systems Approach Example

Let us assume that A is the coach of the Indian cricket team. Let us also assume that the objective that A has been entrusted with is to secure a win over the touring Australian cricket team. The coach uses a systems approach to attain this objective. He starts by gathering information about his own team.

Through systems approach he views his own Indian team as a system whose environment would include the other team in the competition, umpires, regulators, crowd and media. His system, i.e., team itself maybe conceptualized as having two subsystems, i.e., players and supporting staff for players. Each subsystem would have its own set of components/entities like the player subsystem will have openers, middle order batsmen, fast bowlers, wicket keeper, etc. The supporting staff subsystem would include bowling coach, batting coach, physiotherapist, psychologist, etc. All these entities would indeed have a bearing on the actual outcome of the game. The coach adopts a systems approach to determine the playing strategy that he will adopt to ensure that the Indian side wins. He analyses the issue in a stepwise manner as given below:

Step 1: Defining the problem-In this stage the coach tries to understand the past performance of his team and that of the other team in the competition. His objective is to defeat the competing team. He realizes that the problem he faces is that of losing the game. This is his main problem.

Step 2: Collecting data-The coach employs his supporting staff to gather data on the skills and physical condition of the players in the competing team by analyzing past performance data, viewing television footage of previous games, making psychological profiles of each player. The support staff analyses the data and comes up with the following observations:

1. Both teams use an aggressive strategy during the period of power play. The competing Australian team uses the opening players to spearhead this attack. However, recently the openers have had a personal fight and are facing interpersonal problems.
2. The game is being played in Mumbai and the local crowd support is estimated to be of some value amounting to around fifty runs. Also the crowd has come to watch the Indian team win. A loss here would cost the team in terms of morale.
3. The umpires are neutral and are not intimidated by large crowd support but are lenient towards sledging.

Step 3: Identifying alternatives-Based on the collected data the coach generates the following alternate strategies:

1. Play upon the minds of the opening players of the competitors by highlighting their personal differences using sledging alone.
2. Employ defensive tactics during power play when the openers are most aggressive and not using sledging.
3. Keep close in fielders who would sledge and employ the best attacking bowlers of the Indian team during the power play.

Step 4: Evaluating alternatives-After having generated different alternatives, the coach has to select only one. The first alternative may lead to loss of concentration on the part of openers and result in breakthroughs. However, there is a chance that the interpersonal differences between the two openers may have already been resolved before they come to the field and in such a case this strategy will fail. The second strategy provides a safer option in the sense that it will neutralize the aggressive game of the openers but there is limited chance of getting breakthroughs. The third option of employing aggressive close in fielders to play upon the internal personal differences of the openers and at the same time employing the best bowlers may lead to breakthroughs and may also restrict the aggressive openers.

Step 5: Selecting the best alternative-The coach selects the third alternative as it provides him with the opportunity of neutralizing the aggressive playing strategy of the openers as well as increases the chances of getting breakthrough wickets.

Step 6: Implementing and monitoring-The coach communicates his strategy to his players and support staff, instructs support staff to organize mock sessions and tactics to be employed to make the strategy a success. The players and support staff performance is monitored by the coach on a regular basis to ensure that the strategy is employed perfectly.

Simplifying a System or Applying Systems Approach For Problem Solving

The easiest way to simplify a system for better understanding is to follow a two-stage approach.

Partitioning the System into Black Boxes

This is the first stage of the simplification process, in this stage the system is partitioned into black boxes. Black boxes need limited knowledge to be constructed. To construct a black box one needs to know the input that goes into it, the output that comes out of it and its function. The knowledge of how the functionality is achieved is not required for constructing a black box. Black box partitioning helps in the comprehension of the system, as the entire system gets broken down into granular functionalities of a set of black boxes.

Organizing the Black Boxes into Hierarchies

This is the second stage of the simplification process, in this stage the black boxes constructed in the earlier phase are organized into hierarchies so that the relationships among the black boxes is easily established. Once, a hierarchy of the black boxes is established, the system becomes easier to understand as the internal working of the system becomes clearer.

Different types of systems exist. Some are abstract concepts while others are operational ones. Given below are different types and classes of systems:

Closed and Open Systems

A system is said to be closed if it does not interact with the environment in which it exists. It is in a state of isolation. It is completely self-contained. This is only of theoretical interest as in reality systems exhibit different degrees of openness.

A system is said to be open when it interacts with the environment in which it exists. It exchanges inputs and outputs with the environment. Such regular interaction with the environment makes the study of open systems difficult (Checkland 1981). A system might be said to be ‘open’ with regard to some entities and processes but might exhibit ‘closed’ behavior with respect to other entities and processes.

Deterministic, Probabilistic and Random Systems

A system is deterministic if its outputs are certain. This means that the relationships between its components are fully known and certain. Hence, when an input is given the output is fully predictable. An example of a deterministic system is the common entrance examination for entry into IIM. All the entities in the system and their interrelationships are well known and given an input the output can be determined with certainty.

A probabilistic system is one where the output from the system behaves probabilistically, i.e., the output is predictable according to probability values. The portfolio investment systems of an asset management company that invests in the stock market will have a probabilistic output for a given input as the system and its entities behave probabilistically.

Random systems are completely unpredictable systems. One is completely unaware of the components and their relationships with each other and hence, the output is random. An example of random system is the transport system. Given an input one is not sure about the output.

Human, Machine and Human-machine System

A human system consists of humans as components. It is an open system exhibiting probabilistic behavior. An example of this kind of system is a department within an organization.

A machine system is composed entirely of machines and machine subsystems. It is deterministic and relatively closed. An example of this type of system would be a fire alarm system. A system which consists of humans and machines is called a human-machine system. Information systems are examples of human-machine systems. These systems are deterministic in delivery but probabilistic in interpretation.

Abstract and Concrete Systems

An abstract system is an ordered arrangement of concepts. Abstract systems can be procedural or conceptual.

Concrete systems are systems in which at least two components are objects. Concrete systems can be physical or social systems.

Adaptive and Non-adaptive Systems

A system is said to be adaptive if it modifies itself with the changes in its environment.

A democratic system of government is an example of adaptive system as it changes to accommodate the changes in the environment.

A non-adaptive system does not react to changes in its environment.

An autocratic system of governance is an example of non adaptive system. It does not change or adapt to changes in the environment.

Simple and Complex Systems

A simple system is one in which there are a few interrelated entities whereas a complex system is one in which there a lot of components with a lot of interrelations amongst them.

A bicycle may be considered as an example of a simple system whereas a motorcycle may be considered a complex system. In the bicycle, the number of entities and subsystems are very few, whereas in a motorcycle the number of entities, subsystems and their interrelations are many. Each subsystem in a motorcycle may itself be considered as a simple system.

Control is essential for monitoring the output of systems and is exercised by means of control loops. It is necessary for monitoring the desired output of a system with the actual output so that the performance of the system can be measured and corrective action taken if required. Schoderbek, 1985 mentions four elements required for effective control:

1. A control variable is the variable whose value would determine the degree of performance of the system.
2. A detector is to monitor the output of the system by measuring the control variable parameters.
3. A comparator is to compare the actual and planned output of the system.
4. An effecter is to make suitable changes.

To illustrate these in greater detail, let us visualize the cooling system of a refrigerator. The cooling coils cool the refrigerator to bring the temperature to a certain level and then the effecter is relied upon to change the system inputs so that the cooling process is stopped once the desired temperature is reached. The detector measures the temperature and compares it with the desired temperature and the effecter stops the cooling process once the desired temperature is reached. Again, if the temperature rises above the desired temperature, the effecter comes into play again by putting on the cooling system. This is called control and the process in which this was done in this case is called a control loop. In this case a closed loop. The open loop control systems have a structure in which the output of the system is not coupled with the input of the system.

Types of Control

Control mechanisms can be of two types: feedback control and feed forward control.

Feedback Control

When we have a control structure in which the output is used to directly alter the inputs we call that as a feedback control mechanism. Feedback control can itself be of two types, i.e. positive feedback and negative feedback. Positive feedback is when the output of a system is positively correlated with the input, i.e., more output prompts more input or less output prompts less input. For example, stock market sometimes exhibit positive feedback. Positive feedback generally indicates an instable system unless there is an outside mechanism to stop the process beyond a point. Negative feedback on the other hand is the opposite of positive feedback in the sense that in negative feedback the relationship between output and input is negative. The refrigerator example given earlier is an example of negative feedback.

Feedback control systems particularly the ones with negative feedback have a tendency to oscillate around the desired values of control variables. For example, take the example of a driver driving a vehicle and wanting to keep a speed of around sixty km per hour. He will apply brakes when he is beyond sixty km per hour and as a result the vehicle speed will come back, to let us say, fifty-five km per hour at which time he will again press the accelerator and push the speed to near sixty km per hour and this will again result in the speed crossing sixty km per hour alerting him to press brakes and slow down. Thus vehicle speed will oscillate around sixty km per hour, which happens as control mechanisms are not designed to work in a step wise manner, instead they have a steady effect on the system. This means that system oscillation happens when control mechanisms might take some time to react to an alert or may also take a finite time to take effect or both. This can also happen if the control mechanism overcompensates for the deviation from a stable state.

Feed Forward Control

This is a type of control mechanism to address the problem of system oscillation. In this type of control mechanism, the control is exercised after predicting the output and if the prediction about the output is that it will cross the stable limit or the target then control mechanisms are applied even before the target value or control value of the control variable is attained bringing down the system automatically below the danger limit. For example, if in our driver example, if the vehicle had an intelligent braking system controlled by computer aided automatic brake controls then whenever the vehicle would go over fifty-eight km per hour, automatic brakes would be applied irrespective of whether the driver applies brakes or not bringing down the speed to the desired level. This is called feed forward system and it works on a proactive philosophy rather that the reactive philosophies of a feed back control mechanism. However, to apply feed forward control mechanism we need to have complete understanding of the system.

Systems have very specific common characteristics which help in its identification. They are:

1. Systems have a specific structure which is defined by its components (entities/subsystems) and processes (interrelationships between its components). A system is a collection of interrelated entities and/or subsystems which can be analyzed. It is possible to understand the specific structure of a system. However, in some systems complete knowledge may not be available but in most cases the fundamental entities and their interrelations are known.
2. Systems are a model of reality-a system is an abstraction of reality. It is created to comprehend the nuances of a real-world condition and understand the interrelationships of subsystems in such real-world conditions in greater clarity.
3. A system has a purpose-a system performs a function. It has a reason for its existence. The purpose in most cases is the output of the system and in a way the output defines the purpose of the system.
4. Systems have inputs and outputs. Outputs are produced by processing the inputs-a system (unless of theoretical interest and fully closed), interacts with the environment by taking in input and then after processing the input produces the output.
5. Systems have performance that can be measured in terms of its output-a system will have measures of performance. In most cases, the performance of the system is a function of its input and output.
6. A system serves a client-the system will have a utility and hence, a client for it. The client can also be another system.
7. The components that make up a system have functional as well as structural interrelationships with each other.
8. A system has an environment-a system cannot exist in isolation. It exists in an environment. The environment reacts with it.
9. Each subsystem also has a purpose and a measure of purpose.

A special class of systems dealing with the storage, processing and delivery of information is of special significance to business and is called information systems. When these information systems aid the management in taking decisions, they are then broadly classified as management information systems. These are special systems with unique characteristics.

Even though we are focusing here on business systems and information systems, the concept of system lies at the core of many scientific management theories and techniques. In fact, the idea of the system originated from the field of physical and biological sciences. After a lot of deliberations, scientists in these fields of science could define a system with clarity. Management has borrowed the concept from these disciplines and has used it extensively in its theory. Some modern management techniques have evolved from the concept of systems. In fact, the entire study of management decision-making using information is in a way derived from the study of the structured systems based approach and systems concept.

What is a System?

System can be defined as a set of interacting entities with interrelationships/interconnections amongst each other forming an integrated whole. Here in the context of systems concept an entity may be conceptualized as something, which has a distinct existence. The entity may just be abstract without any material or animate existence but it must be distinct. The entities can themselves be systems, in which case they are called subsystems, as they work like components which make up the bigger system. Churchman (1971) has laid down nine conditions for entities to be considered as systems (human-designed systems).

Also, most systems would have with at least one input and one output through which the system would interact with the environment. However, there are systems (theoretical cases), which do not need to interact with the environment.

A system can be conceived of as a ‘White Box’ where clear understanding of the internal workings of the system is known, i.e., the interrelationships between its constituent elements are understood or as a ‘Black Box’ where there is no clear understanding of the internal workings of the system.

Typically, we conceptualize systems as black boxes when we do not fully understand the inner working of the system and its interrelations within or choose to ignore it for the sake of simplicity.

The boundary of a system is the imaginary line separating the domain of the system from that of the environment. It is more of an abstract concept rather than a physical one. However, in some cases the boundary of a system may indeed be also its physical boundary. A good way of identifying a system boundary is to find out if the boundary encloses a self contained entity and if there is adequate control of the system within the boundary. The environment of a system is the set of variables which interact with the system.

Systems exhibit behavior which helps in their classification. Some of the important dimensions used for such classification are the degree of openness of the system to environmental exchanges, degree of determinism or predictability of the system in terms of given inputs and expected output, degree of dynamism or churn in the system (mostly to adapt to changing environments) and the degree of self-regulation or control of the system. These dimensions help in classification of systems.

Some Basic System Ideas

Let us now discuss some basic ideas about systems, which are generic in nature and are present irrespective of the type or characteristic of a system.

Emergent properties: This is one of the fundamental ideas of systems. It means that the system exhibits a set of properties when working collectively as a whole system, which are not present in any of the entities that make up the system. The manner in which the system will behave cannot be understood by looking only at its constituent elements. An example of this ’emergent property’ is a living organism. The organism as a whole system exhibits properties that are quite different from the properties of its constituent element, i.e., cells. By examining cells alone, the behavior of the living organism cannot be determined.

Hierarchy: In most systems the interrelated and interacting entities that make the holistic integrated whole of a system may itself have some entities which are systems in themselves. They have their own input, output, their own set of interrelated entities and their own emergent properties. These are called subsystems. Indeed, the system under study may itself be a subsystem of a larger system called supra system. Like when analyzing organizations as systems we find that there are subsystems of production, HR, etc., which makes up the entire organization as a system but then this organization is itself a subsystem of the larger society and civilization at large. Thus, in most cases we will find that systems are themselves subsystems of some larger system and have in themselves subsystems that come together with other entities to make the system in the first place. Therefore, there is a hierarchy of systems. Each level of hierarchy will present its own set of complexity. We have to understand the level of granularity we wish to approach in understanding a system. At one level we may just wish to know the interrelationships of a system’s entities, some of which may be subsystems. At another level we might not restrict ourselves to this kind of macro view and may go into the analysis of the interrelationships of entities of not only the system under review but also the interrelationships of all entities of subsystems of the system under review. This hierarchy helps in the understanding of the abstractions of systems.

Communication: This is an issue that affects all systems and indeed, is the single most important reason for system failures. B communication, in the context of systems, we mean the ability of the interrelated subsystems and entities that make up the system to interact with each other. Sometime s the output of a subsystem may be the input of another subsystem and if this communication between these two subsystems is not good the system will face problems. For example, if in an organization system, the output from the marketing subsystem on the demand scenario in the market is not clearly communicated to the production subsystem then the organization system will face problems. In fact, this issue leads to another important concept in system literature, i.e., the issue of coupling. The degree of closeness of subsystems is known as coupling.

Control: This is the mechanism to regulate the system. It is the internal mechanism to create a stable system so that the output remains within the desired limits. This is one of the most important concepts in systems as without control a system will behave in a chaotic manner.

The systems approach is an old concept. The approach stands on the assumption that breaking down of a complex concept into simple easy to understand units helps in better understanding of the complexity. Ludwig von Bertalanffy first proposed the systems approach under the name of ‘General System Theory’.

Even though he had orally created the notion of the general systems theory in the 1940’s he formally published it in 1968 (Ludwig von Bertalanffy 1968). He introduced system as a new scientific philosophy and defined it in a formal manner. He noted that most systems (biological or physical) of any practical relevance are open as they interact with the environment. Therefore, to understand the system it has to be differentiated from the environment, i.e., the boundary of the system has to be clearly defined along with its interaction with the environment from within this boundary.

The approach concentrates on the holistic entity of the system without neglecting the components. It attempts to understand the role each component plays in the system while simultaneously understanding the activity of the whole system. Major concepts of the systems approach are:

1. Holism: A change in any part/component of a system affects the whole system directly or indirectly (Boulding 1985, Litterer 1973, von Bertalanffy 1968).
2. Specialization: A whole system can be divided into granular (smaller easy to understand), components so that the specialized role of each component is appreciated.
3. Non-summational: Every component (subsystem/partial system) is of importance to the whole. It is therefore essential to understand the actions of each component to get the holistic perspective (Boulding 1985, Litterer 1973).
4. Grouping: The process of specialization can create its own complexity by proliferating components with increasing specialization. To avoid this it becomes essential to group related disciplines or sub-disciplines.
5. Coordination: The grouped components and sub components need coordination. Without coordination the components will not be able to work in a concerted manner and will lead to chaos. Coordination and control is a very important concept in the study of systems as without this we will not be a unified holistic concept.
6. Emergent properties: This is an important concept of systems approach. It means that the group of interrelated entities (components) has properties as a group that is not present in any individual component. This is the holistic view of a system. For example, multicellular organisms exhibit characteristics as a whole which are not present in individual constituent parts like cells.

For the better part of our productive life, most of us are a part of one organization or another. The organization that we are part of may be very structured, like the armed forces or corporate entities or it may be loosely structured like a neighborhood cricket team. Even though organizations may be of different types, they have some common characteristics like the existence of a common goal/mission towards which each member of the organization works for, a plan or an agenda to make the goal/mission a reality and the utilization of resources to achieve the goal.

Managementis the practice of shaping organizations and its people to achieve its goal/s and mission. Management generally involves the following activities or techniques,

1. Planning: Making informed decisions about what to do in the future.
2. Organizing: Making arrangements to fulfill the plan requirements.
3. Staffing: Employing the right people for the right job.
4. Leading: Influencing the members of the organization to move towards the common goal of the organization.
5. Controlling: Making checks to find the deviations/hold ups and taking corrective action/s.

A manager in the course of his duties performs the above activities effectively to do justice to his profession. However, it will be worthwhile to mention here that management itself is an evolving concept. Some consider it as an exact science and others consider it as art. Actually, it is based on practice. The practice of management makes it what it is. The other important criterion for defining management is that management as a profession is associated with the most important activity of an organization and that is decision-making. The only distinguishing attribute of a manager in an organization is his authority and capability to take decisions. This quality makes the profession distinct.

Decisions however cannot be taken in isolation. To take a decision a manager needs information on the problem on which decision is required, information to help generate alternatives, information about the different alternatives and also information about the implications of choosing the alternative. At each phase of the decision-making process, a manager needs information and this is the vital link between management and information. Without information a manger’s ability to take decision is seriously impaired.

Levels of Management

Management however, is not a monolithic entity. Every manager has a distinct role and even though all managers take decisions, some managers take more important decisions than others, which have a greater impact on the entire organization. Management actually is itself divided into levels. Each level of hierarchy has got specific roles, a level of authority, responsibility, accountability and deliverables. Decision-making therefore is of different levels of complexity and impact at the different levels of management. Hence, information requirement is also different for each level.

Antony (1965) has suggested a framework that is widely accepted in which management is divided into three levels-top, middle and operational. Each level has a distinct role and responsibility and the structure is pyramidal. This means that in middle management there are less number of managers than at the operational level and in the top level there are still lesser number of managers than even the middle level. However, the responsibilities grow exponentially as one move up the ladder of the pyramid.

The top level managers are responsible for planning and other strategic activities. Ideally this top management constitutes the CEO, the board and other heads. The top management decision would include strategic issues that will have a lasting impact on the whole organization like the decision to open a factory in say China or the decision to launch a new product, etc. The middle level works on tactical issues. They are responsible for the smooth functioning of the company and also to pass on critical information to the top management about markets and competitors, etc. The middle level managers take decisions regarding say, whether to have a preventive maintenance in the factory or have breakdown maintenance. As can be understood their impact even though important, is not a lasting impact. In different organizations this middle level function is handled by different designated people. In a large firm a Vice President may also perform the role of a middle level manager and in some cases the General Manager may perform a middle level role. The operational management takes decisions on operational issues like taking decisions on which worker will be deployed for what work, etc. They are basically implementers of broad decisions taken by the higher tiers of management. For example, if the top management has decided to make a new product using the same assembly line of the organization then the middle level managers have to completely reschedule the production planning and scheduling. This new production plan will then pass on to the supervisors at the operational level whose job will be to see to it that the broad objectives of the plan remain intact. They can however decide (like decisions on floor level action, decisions on manpower decision on overtime) on the best way to make the plan a reality.

The tier-wise structure of management helps in maintaining order. Even though in modern organizations the levels have blurred a bit, the broad contours remain. However, in different cultures the levels of management take on new meaning like in Japanese companies. In Japanese companies the shop floor level managers have a much greater authority than in other American or Indian companies. This has got more to do with cultural issues than anything else.

The role of information is vital at each level. As is evident, each level takes decisions with varying degree of complexity and impact. However, all the decisions are vital for the smooth functioning of the company. Each level requires a very distinct type of information. At the shop floor level one needs operational information about people, processes, guidelines, etc. All such information is very structured. The manager who goes through the process of taking the decision at this operational level knows that the decision that he is going to take has been taken by him or someone before him several times. Uncertainty about the outcome is minimal. Even then to take the decision, he needs information in a structured format. Like say, at the shop floor level if a supervisor has to decide on shutting down a machine after observing deviations in the output and behavior of the machine he needs to know what the ideal characteristics of the machine are, what the deviation characteristics are and what needs to be done at the first onset of deviation. This information has to be made available to him on a real time basis for him to take that simple decision of shutting the machine. Similarly, for other levels, the same logic holds true. Without information, managerial decision-making quality is severely impaired. In fact, at the higher tiers of management the implications of a decision and wrong decisions at that are much more severe than at the operational level.

Characteristics of Different Levels of Management

The different levels of management have different roles and responsibilities. Each such level works within its own boundary but with the objective of attaining the overall corporate goal.

Information and its use has become the competitive advantage of today’s world. The efficiency with which a firm manages its information determines its success in the marketplace. This enormous power of information unleashed in today’s world has brought down reaction times for decision-making of managers, made customers more aware, competitors more efficient and regulators more alert.

Today, one can no longer hide behind excuses of ‘plausible deniability’. These changes have resulted in a change in mindset of managers and have transformed the way business is conducted. Management of information itself has become a key success factor for firms. However, information is not to be seen in isolation. Information in the current competitive business environment is available to business firms in a computerized environment. Computerization is required to make the information supplied to be timely and accurate, which are critical factors for success in these competitive times.

Hence, the study of information management entails an understanding of information and communication technology also. However, information management is a distinct subject not related (other than the practical considerations of providing the output information timely and accurately) to information and communication technology. Let us now delve deeper into the subject to get a clear understanding of the basic concepts that drive management information systems.

As is clear, the advantage that a modern corporate house enjoys can be traced to its management of information. If the business house cannot manage its information, then it is likely that it will not have any competitive advantage. Typically an organization can develop competitive advantage if it can, does or have what others can’t, do or have. In modern times, the advantages on account of raw materials, technological edge, etc., is being neutralized by the forces of modern business. The last frontier so to say is information management. Companies that have managed to do it successfully like Dell, Google, etc., have generated an unparalleled competitive advantage as their reaction time to changes in the market and/or competition is much less and hence, they can shift business gears faster than their competitors and hence the advantage. Competitive advantage through managing information can accrue to an organization if it:

1. Manages information to reduce reaction time for change
2. Managing information makes the organization efficient
3. Information management leads to insights into the business that the competitors cannot have

4. Information management is used for predictive analysis so that the organization is one step ahead of competition.

This competitive advantage gained by managing information also requires changes in organization cultures. Companies need to create a culture of information based management and decision-making to take advantage of the opportunities of information management. This is a challenge, as installing an organizational culture is not as straightforward as installing an information management system. It is a process that takes a lot of time.

Information systems can be manual but the compulsions of competition in modern business makes information systems run on information technology platforms. Information technology is a term used to describe a set of technologies that includes technologies from the domain of computer science and engineering, networking, electronics and telecommunication and other such domains.

Information technology ensures that processing of data is faster and accurate so that the right information can be supplied to the right person at the right time with better efficiency. Information technology helps information systems to deliver greater value to the management by technology intervention not only in the procession arena but also in the delivery of information, visualization, communication and ease of access areas.

Management using information systems have greater options when such systems are technology enabled. Technology not only ensures the faster processing, storage and retrieval of data but also generates a lot of flexibility in the system by introducing different options making the task of the end user easier. For example, on a manual system the monthly sales information can be delivered to a marketing manager on a hard copy format only, i.e. on paper. This means that the individual cannot have the information on monthly sales when he is traveling, but if technology based information systems are used then the monthly sales related information can be made available through mobile communication technology to the mobile computing device of the marketing manager even when he is traveling, making his work much easier. These kinds of options are possible when technology is used. They make an impact on the information quality as well as the information delivery and provide the users (managers) with a host of options. The technological interventions most commonly used in information systems are:

Common interventions (this is apart from the standard hardware and system software like operating system, etc., interventions that constitute the physical computer infrastructure),

1. Database management system
2. Computer networking
3. Application development tools (3GL or 4GL)
4. Internet based tools
5. Report generation utilities

Niche interventions (this is over and above the common interventions),

1. Wireless communication
2. Enterprise systems
3. Enterprise resource planning
4. Customer relationship management

1. Knowledge management
2. Mobile computing
3. Multi tier architecture
4. Business intelligence
5. Data warehousing and data mining

These technological interventions make the job of a manager easier when dealing with information. The ease of use, ensured quality of information and a host of available options that provide flexibility in information delivery, capture, processing, retrieval and storage makes information technology an integral part of information management and information systems.