Part 10: MIS Security and Ethical Issues

Part 10: MIS Security and Ethical Issues

Security and Ethical Issues

Security of an Information System

Information system security refers to the way the system is defended against unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction.

There are two major aspects of information system security:

  • Security of the information technology used – securing the system from malicious cyber-attacks that tend to break into the system and to access critical private information or gain control of the internal systems.
  • Security of data – ensuring the integrity of data when critical issues, arise such as natural disasters, computer/server malfunction, physical theft etc. Generally an offsite backup of data is kept for such problems.

Guaranteeing effective information security has the following key aspects:

  • Preventing the unauthorized individuals or systems from accessing the information.
  • Maintaining and assuring the accuracy and consistency of data over its entire lifecycle.
  • Ensuring that the computing systems, the security controls used to protect it and the communication channels used to access it, functioning correctly all the time, thus making information available in all situations.
  • Ensuring that the data, transactions, communications or documents are genuine.
  • Ensuring the integrity of a transaction by validating that both parties involved are genuine, by incorporating authentication features such as “digital signatures”.
  • Ensuring that once a transaction takes place, none of the parties can deny it, either having received a transaction, or having sent a transaction. This is called ‘nonrepudiation’.
  • Safeguarding data and communications stored and shared in network systems.

Information Systems and Ethics

Information systems bring about immense social changes, threatening the existing distributions of power, money, rights, and obligations. It also raises new kinds of crimes, like cyber-crimes.

Following organizations promote ethical issues:

  • The Association of Information Technology Professionals AITPAITP
  • The Association of Computing Machinery ACMACM
  • The Institute of Electrical and Electronics Engineers IEEEIEEE
  • Computer Professionals for Social Responsibility CPSRCPSR

The ACM Code of Ethics and Professional Conduct

  • Strive to achieve the highest quality, effectiveness, and dignity in both the process and products of professional work.
  • Acquire and maintain professional competence.
  • Know and respect existing laws pertaining to professional work.
  • Accept and provide appropriate professional review.
  • Give comprehensive and thorough evaluations of computer systems and their impacts, including analysis and possible risks.
  • Honor contracts, agreements, and assigned responsibilities.
  • Improve public understanding of computing and its consequences.
  • Access computing and communication resources only when authorized to do so.

The IEEE Code of Ethics and Professional Conduct

IEEE code of ethics demands that every professional vouch to commit themselves to the highest ethical and professional conduct and agree:

  • To accept responsibility in making decisions consistent with the safety, health and welfare of the public, and to disclose promptly factors that might endanger the public or the environment;
  • To avoid real or perceived conflicts of interest whenever possible, and to disclose them to affected parties when they do exist;
  • To be honest and realistic in stating claims or estimates based on available data;  To reject bribery in all its forms;
  • To improve the understanding of technology, its appropriate application, and potential consequences;
  • To maintain and improve our technical competence and to undertake technological tasks for others only if qualified by training or experience, or after full disclosure of pertinent limitations;
  • To seek, accept, and offer honest criticism of technical work, to acknowledge and correct errors, and to credit properly the contributions of others;
  • To treat fairly all persons regardless of such factors as race, religion, gender, disability, age, or national origin;
  • To avoid injuring others, their property, reputation, or employment by false or malicious action;
  • To assist colleagues and co-workers in their professional development and to support them in following this code of ethics.


Part 10: MIS Security and Ethical Issues

Part 9: MIS Managerial Decision-Making

Managerial Decision-Making

Concept of Decision-Making

Decision-making is a cognitive process that results in the selection of a course of action among several alternative scenarios.

Decision-making is a daily activity for any human being. There is no exception about that.

When it comes to business organizations, decision-making is a habit and a process as well.

Effective and successful decisions result in profits, while unsuccessful ones cause losses. Therefore, corporate decision-making is the most critical process in any organization.

In a decision-making process, we choose one course of action from a few possible alternatives. In the process of decision-making, we may use many tools, techniques, and perceptions.

In addition, we may make our own private decisions or may prefer a collective decision.

Usually, decision-making is hard. Majority of corporate decisions involve some level of dissatisfaction or conflict with another party.

Let’s have a look at the decision-making process in detail.

Decision-Making Process

Following are the important steps of the decision-making process. Each step may be supported by different tools and techniques.

Step 1: Identification of the Purpose of the Decision

In this step, the problem is thoroughly analyzed. There are a couple of questions one should ask when it comes to identifying the purpose of the decision.

  • What exactly is the problem?
  • Why the problem should be solved?
  • Who are the affected parties of the problem?
  • Does the problem have a deadline or a specific time-line?

Step 2: Information Gathering

A problem of an organization will have many stakeholders. In addition, there can be dozens of factors involved and affected by the problem.

In the process of solving the problem, you will have to gather as much as information related to the factors and stakeholders involved in the problem. For the process of information gathering, tools such as ‘Check Sheets’ can be effectively used.

Step 3: Principles for Judging the Alternatives

In this step, the baseline criteria for judging the alternatives should be set up. When it comes to defining the criteria, organizational goals as well as the corporate culture should be taken into consideration.

As an example, profit is one of the main concerns in every decision making process. Companies usually do not make decisions that reduce profits, unless it is an exceptional case. Likewise, baseline principles should be identified related to the problem in hand.

Step 4: Brainstorm and Analyze the Choices

For this step, brainstorming to list down all the ideas is the best option. Before the idea generation step, it is vital to understand the causes of the problem and prioritization of causes.

For this, you can make use of Cause-and-Effect diagrams and Pareto Chart tool. Causeand-Effect diagram helps you to identify all possible causes of the problem and Pareto chart helps you to prioritize and identify the causes with the highest effect.

Then, you can move on generating all possible solutions alternativesalternatives for the problem in hand.

Step 5: Evaluation of Alternatives

Use your judgment principles and decision-making criteria to evaluate each alternative. In this step, experience and effectiveness of the judgment principles come into play. You need to compare each alternative for their positives and negatives.

Step 6: Select the Best Alternative

Once you go through from Step 1 to Step 5, this step is easy. In addition, the selection of the best alternative is an informed decision since you have already followed a methodology to derive and select the best alternative.

Step 7: Execute the decision:

Convert your decision into a plan or a sequence of activities. Execute your plan by yourself or with the help of subordinates.

Step 8: Evaluate the Results:

Evaluate the outcome of your decision. See whether there is anything you should learn and then correct in future decision making. This is one of the best practices that will improve your decision-making skills.

Process and Modeling in Decision-Making

There are two basic models in decision-making:

  • Rational models
  • Normative model

The rational models are based on cognitive judgments and help in selecting the most logical and sensible alternative. Examples of such models include: decision matrix analysis, Pugh matrix, SWOT analysis, Pareto analysis and decision trees, selection matrix, etc.

A rational decision making model takes the following steps:

  • Identifying the problem,
  • Identifying the important criteria for the process and the result,
  • Considering all possible solutions,
  • Calculating the consequences of all solutions and comparing the probability of satisfying the criteria,
  • Selecting the best option.

The normative model of decision-making considers constraints that may arise in making decisions, such as time, complexity, uncertainty, and inadequacy of resources.

According to this model, decision-making is characterized by:

  • Limited information processing – A person can manage only a limited amount of information.
  • Judgmental heuristics – A person may use shortcuts to simplify the decision making process.
  • Satisficing – A person may choose a solution that is just “good enough”.

Dynamic Decision-Making

Dynamic decision-making DDMDDM is synergetic decision-making involving interdependent systems, in an environment that changes over time either due to the previous actions of the decision-maker or due to events that are outside of the control of the decision-maker.

These decision-makings are more complex and real-time.

Dynamic decision-making involves observing how people used their experience to control the system’s dynamics and noting down the best decisions taken thereon.

Sensitivity Analysis

Sensitivity analysis is a technique used for distributing the uncertainty in the output of a mathematical model or a system to different sources of uncertainty in its inputs.

From business decision perspective, the sensitivity analysis helps an analyst to identify cost drivers as well as other quantities to make an informed decision. If a particular quantity has no bearing on a decision or prediction, then the conditions relating to quantity could be eliminated, thus simplifying the decision making process.

Sensitivity analysis also helps in some other situations, like:

  • Resource optimization
  • Future data collections
  • Identifying critical assumptions
  • To optimize the tolerance of manufactured parts Static and Dynamic Models

Static models:

  • Show the value of various attributes in a balanced system.
  • Work best in static systems.
  • Do not take into consideration the time-based variances.
  • Do not work well in real-time systems however, it may work in a dynamic system being in equilibrium  Involve less data.
  • Are easy to analyze.
  • Produce faster results.

Dynamic models:

  • Consider the change in data values over time.
  • Consider effect of system behavior over time.
  • Re-calculate equations as time changes.
  • Can be applied only in dynamic systems.

Simulation Techniques

Simulation is a technique that imitates the operation of a real-world process or system over time. Simulation techniques can be used to assist management decision making, where analytical methods are either not available or cannot be applied.

Some of the typical business problem areas where simulation techniques are used are:

  • Inventory control
  • Queuing problem
  • Production planning

Operations Research Techniques

Operational Research OROR includes a wide range of problem-solving techniques involving various advanced analytical models and methods applied. It helps in efficient and improved decision-making.

It encompasses techniques such as simulation, mathematical optimization, queuing theory, stochastic-process models, econometric methods, data envelopment analysis, neural networks, expert systems, decision analysis, and the analytic hierarchy process.

OR techniques describe a system by constructing its mathematical models.

Heuristic Programming

Heuristic programming refers to a branch of artificial intelligence. It consists of programs that are self-learning in nature.

However, these programs are not optimal in nature, as they are experience-based techniques for problem solving.

Most basic heuristic programs would be based on pure ‘trial-error’ methods.

Heuristics take a ‘guess’ approach to problem solving, yielding a ‘good enough’ answer, rather than finding a ‘best possible’ solution.

Group Decision-Making

In group decision-making, various individuals in a group take part in collaborative decision-making.

Group Decision Support System GDSSGDSS is a decision support system that provides support in decision making by a group of people. It facilitates the free flow and exchange of ideas and information among the group members. Decisions are made with a higher degree of consensus and agreement resulting in a dramatically higher likelihood of implementation.

Following are the available types of computer based GDSSs:

  • Decision Network: This type helps the participants to communicate with each other through a network or through a central database. Application software may use commonly shared models to provide support.
  • Decision Room: Participants are located at one place, i.e. the decision room. The purpose of this is to enhance participant’s interactions and decision-making within a fixed period of time using a facilitator.
  • Teleconferencing: Groups are composed of members or sub groups that are geographically dispersed; teleconferencing provides interactive connection between two or more decision rooms. This interaction will involve transmission of computerized and audio visual information.
Part 10: MIS Security and Ethical Issues

Part 8: MIS Development Process

MIS Development Process

In MIS, the information is recognized as a major resource like capital and time. If this resource has to be managed well, it calls upon the management to plan for it and control it, so that the information becomes a vital resource for the system.

  • The management information system needs good planning.
  • This system should deal with the management information not with data processing alone.
  • It should provide support for the management planning, decision-making and action.  It should provide support to the changing needs of business management.

Major challenges in MIS implementation are:

  • Quantity, content and context of information – how much information and exactly what should it describe.
  • Nature of analysis and presentation – comprehensibility of information.
  • Availability of information – frequency, contemporariness, on-demand or routine, periodic or occasional, one-time info or repetitive in nature and so on  Accuracy of information.
  • Reliability of information.
  • Security and Authentication of the system.

Planning for MIS

MIS design and development process has to address the following issues successfully:

  • There should be effective communication between the developers and users of the system.
  • There should be synchronization in understanding of management, processes and IT among the users as well as the developers.
  • Understanding of the information needs of managers from different functional areas and combining these needs into a single integrated system.
  • Creating a unified MIS covering the entire organization will lead to a more economical, faster and more integrated system, however it will increase in design complexity manifold.
  • The MIS has to be interacting with the complex environment comprising all other sub-systems in the overall information system of the organization. So, it is extremely necessary to understand and define the requirements of MIS in the context of the organization.
  • It should keep pace with changes in environment, changing demands of the customers and growing competition.
  • It should utilize fast developing in IT capabilities in the best possible ways.
  • Cost and time of installing such advanced IT-based systems is high, so there should not be a need for frequent and major modifications.

It should take care of not only the users i.e., the managers but also other stakeholders like employees, customers and suppliers.

Once the organizational planning stage is over, the designer of the system should take the following strategic decisions for the achievement of MIS goals and objectives:

  • Development Strategy: Example – an online, real-time batch.
  • System Development Strategy: Designer selects an approach to system development like operational verses functional, accounting verses analysis.
  • Resources for the Development: Designer has to select resources. Resources can be in-house verses external, customized or use of package.
  • Manpower Composition: The staffs should have analysts, and programmers.

Information system planning essentially involves:

  • Identification of the stage of information system in the organization.
  • Identification of the application of organizational IS.
  • Evolution of each of this application based on the established evolution criteria.
  • Establishing a priority ranking for these applications.
  • Determining the optimum architecture of IS for serving the top priority applications.

Information System Requirements

The following diagram illustrates a brief sketch of the process of information requirement analysis:

The following three methodologies can be adopted to determine the requirements in developing a management information system for any organization:

Business Systems Planning BSPBSP – this methodology is developed by IBM.

  • It identifies the IS priorities of the organization and focuses on the way data is maintained in the system.
  • It uses data architecture supporting multiple applications. o It defines data classes using different matrices to establish relationships among the organization, its processes and data requirements.
  • Critical Success Factor CSFCSF – this methodology is developed by John Rockart of MIT. o It identifies the key business goals and strategies of each manager as well as that of the business.
    • Next, it looks for the critical success factors underlying these goals. o Measure of CSF effectiveness becomes an input for defining the information system requirements.
  • End/Means E/ME/M analysis – this methodology is developed by Wetherbe and Davis at the University of Minnesota.
    • It determines the effectiveness criteria for outputs and efficiency criteria for the processes generating the outputs.
    • At first it identifies the outputs or services provided by the business processes.
    • Then it describes the factors that make these outputs effective for the user. o Finally it selects the information needed to evaluate the effectiveness of outputs

Information System Analysis and Design

System analysis and design follows the typical System/Software Design Life

Cycle SDLCSDLC as discussed in the previous chapter. It generally passes through the following phases:

  • Problem Definition
  • Feasibility Study
  • Systems Analysis
  • System Design
  • Detailed System Design
  • Implementation
  • Maintenance

In the analysis phase, the following techniques are commonly used:

  • Data flow diagrams DFD
  • Logic Modeling
  • Data Modeling
  • Rapid Application Development RAD
  • Object Oriented Analysis OOA

Technology for Information Systems

The technology requirement for an information system can be categorized as:


  • Data center systems – It is the environment that provides processing, storage, networking, management and the distribution of data within an enterprise.
  • Enterprise software – These are software system like ERP, SCM, Human Resource Management, etc. that fulfill the needs and objectives of the organizations.
  • IT services – It refers to the implementation and management of quality IT services by IT service providers through people, process and information technology. It often includes various process improvement frameworks and methodologies like six sigma, TQM, and so on.
  • Telecom services

System Test Planning and Execution

The system should be fully tested for errors before being fully operational.

The test plan should include for each test:

  • Purpose
  • Definition
  • test inputs
  • detailed specification of test procedure
  • details of expected outputs

Each sub-system and all their components should be tested using various test procedures and data to ensure that each component is working as it is intended.

The testing must include the users of the system to identify errors as well as get the feedback.

System Operation

Before the system is in operation, the following issues should be taken care of:

  • Data security, backup and recovery;
  • Systems control;
  • Testing of the system to ensure that it works bug-free in all expected business situations;
  • The hardware and software used should be able to deliver the expected processing;
  • The system capacity and expected response time should be maintained;
  • The system should be well documented including; o A user guide for inexperienced users, o A user reference or operations manual for advanced users, o A system reference manual describing system structures and architecture.

Once the system is fully operational, it should be maintained throughout its working life to resolve any glitches or difficulties faced in operation and minor modifications might be made to overcome such situations.

Factors for Success and Failure

MIS development projects are high-risk, high-return projects. Following could be stated as critical factors for success and failure in MIS development:

  • It should cater to a specific, well-perceived business.
  • The top management should be completely convinced, able and willing to such a system. Ideally there should be a patron or a sponsor for the system in the top management.
  • All users including managers and other employees should be made an integral part of the development, implementation, and use of the system.
  • There should be an operational prototype of the system released as soon as possible, to create interest among the users.
  • There should be good support staff with necessary technical, business, and interpersonal skills.
  • The system should be simple, easy to understand without adding much complexity. It is a best practice, not to add up an entity unless there is both a use and user for it.
  • It should be easy to use and navigate with high response time.
  • The implementation process should follow a definite goal and time.
  • All the users including the top management should be given proper training, so that they have a good knowledge of the content and function of the system, and can use it fully for various managerial activities such as reporting, budgeting, controlling, planning, monitoring, etc.
  • It must produce useful outputs to be used by all managers.
  • The system should be well integrated into the management processes of planning, decision-making, and monitoring.
Part 10: MIS Security and Ethical Issues

Part 6: MIS Business Continuity Planning and Supply Chain Management

 MIS Business Continuity Planning (BCP)

Business Continuity Planning BCPBCP or Business Continuity and Resiliency

Planning BCRPBCRP creates a guideline for continuing business operations under adverse conditions such as a natural calamity, an interruption in regular business processes, loss or damage to critical infrastructure, or a crime done against the business.

It is defined as a plan that “identifies an organization’s exposure to internal and external threats and synthesizes hard and soft assets to provide effective prevention and recovery for the organization, while maintaining competitive advantage and value system integrity.”

Understandably, risk management and disaster management are major components in business continuity planning.

Objectives of BCP

Following are the objectives of BCP:

  • Reducing the possibility of any interruption in regular business processes using proper risk management.
  • Minimizing the impact of interruption, if any.
  • Teaching the staff their roles and responsibilities in such a situation to safeguard their own security and other interests.
  • Handling any potential failure in supply chain system, to maintain the natural flow of business.
  • Protecting the business from failure and negative publicity.
  • Protecting customers and maintaining customer relationships.
  • Protecting the prevalent and prospective market and competitive advantage of the business.
  • Protecting profits, revenue and goodwill.
  • Setting a recovery plan following a disruption to normal operating conditions.  Fulfilling legislative and regulatory requirements.

Traditionally a business continuity plan would just protect the data center. With the advent of technologies, the scope of a BCP includes all distributed operations, personnel, networks, power and eventually all aspects of the IT environment.

Phases of BCP

The business continuity planning process involves recovery, continuation, and preservation of the entire business operation, not just its technology component. It should include contingency plans to protect all resources of the organization, e.g., human resource, financial resource and IT infrastructure, against any mishap.

It has the following phases:

  • Project management & initiation
  • Business Impact Analysis BIABIA
  • Recovery strategies
  • Plan design & development
  • Testing, maintenance, awareness, training

Project Management and Initiation

This phase has the following sub-phases:

  • Establish need riskanalysisriskanalysis
  • Get management support
  • Establish team functional,technical,BCC−BusinessContinuityCoordinatorfunctional,technical,BCC−Bus inessContinuityCoordinator
  • Create work plan scope, goals, methods, timeline scope, goals, methods, timeline
  • Initial report to management
  • Obtain management approval to proceed

Business Impact Analysis

This phase is used to obtain formal agreement with senior management for each timecritical business resource. This phase has the following sub-phases:

  • Deciding maximum tolerable downtime, also known as MAO Maximum Allowable

Outage Maximum Allowable Outage

  • Quantifying loss due to business outage financial,extracostofrecovery,embarrassmentfinancial,extracostofrecovery,embarrassme nt, without estimating the probability of kinds of incidents, it only quantifies the consequences
  • Choosing information gathering methods surveys,interviews,softwaretoolssurveys,interviews,softwaretools
  • Selecting interviewees
  • Customizing questionnaire
  • Analyzing information
  • Identifying time-critical business functions
  • Assigning MTDs
  • Ranking critical business functions by MTDs
  • Reporting recovery options
  • Obtaining management approval

Recovery Phase

This phase involves creating recovery strategies are based on MTDs, predefined and management-approved. These strategies should address recovery of:

  • Business operations
  • Facilities & supplies
  • Users workersandend−usersworkersandend−users
  • Network
  • Data center technical
  • Data off−sitebackupsofdataandapplicationsoff−sitebackupsofdataandapplications

BCP Development Phase

This phase involves creating detailed recovery plan that includes:

  • Business & service recovery plans
  • Maintenance plan
  • Awareness & training plan
  • Testing plan

The Sample Plan is divided into the following phases:

  • Initial disaster response
  • Resume critical business ops
  • Resume non-critical business ops
  • Restoration return to primary site return to primary site
  • Interacting with external groups customers,media,emergencyresponderscustomers,media,emergencyresponders

Final Phase

The final phase is a continuously evolving process containing testing maintenance, and training.

The testing process generally follows procedures like structured walk-through, creating checklist, simulation, parallel and full interruptions.

Maintenance involves:

  • Fixing problems found in testing
  • Implementing change management
  • Auditing and addressing audit findings
  • Annual review of plan

Training is an ongoing process and it should be made a part of the corporate standards and the corporate culture.

Supply Chain Management SCM

Supply chain management is the systemic, strategic coordination of the traditional business functions and tactics across these business functions – both within a particular company and across businesses within the supply chain- all coordinated to improve the long-term performance of the individual companies and the supply chain as a whole.

In a traditional manufacturing environment, supply chain management meant managing movement and storage of raw materials, work-in-progress inventory, and finished goods from point of origin to point of consumption.

It involves managing the network of interconnected smaller business units, networks of channels that take part in producing a merchandise of a service package required by the end users or customers.

With businesses crossing the barriers of local markets and reaching out to a global scenario, SCM is now defined as:

Design, planning, execution, control, and monitoring of supply chain activities  with the objective of creating net value, building a competitive infrastructure,  leveraging worldwide logistics, synchronizing supply with demand and measuring  performance globally.

SCM consists of:

  • operations management
  • logistics
  • procurement
  • information technology
  • integrated business operations Objectives of SCM
  • To decrease inventory cost by more accurately predicting demand and scheduling production to match it.
  • To reduce overall production cost by streamlining production and by improving information flow.
  • To improve customer satisfaction.

Features of SCM

Scope of SCM

SCM Processes

  • Customer Relationship Management
  • Customer Service Management
  • Demand Management
  • Customer Order Fulfillment
  • Manufacturing Flow Management
  • Procurement Management
  • Product Development and Commercialization
  • Returns Management

Advantages of SCM

SCM have multi-dimensional advantages:

  • To the suppliers:
    • Help in giving clear-cut instruction o Online data transfer reduce paper work  Inventory Economy:
    • Low cost of handling inventory
    • Low cost of stock outage by deciding optimum size of replenishment orders o Achieve excellent logistical performance such as just in time  Distribution Point:
    • Satisfied distributor and whole seller ensure that the right products reach the right place at right time
    • Clear business processes subject to fewer errors o Easy accounting of stock and cost of stock  Channel Management:
    • Reduce total number of transactions required to provide product assortment o Organization is logically capable of performing customization requirements  Financial management: o Low cost o Realistic analysis
  • Operational performance:
    • It involves delivery speed and consistency.
  • External customer:
    • Conformance of product and services to their requirements o Competitive prices o Quality and reliability o Delivery o After sales services
  • To employees and internal customers: o Teamwork and cooperation o Efficient structure and system

Quality work o Delivery

Part 10: MIS Security and Ethical Issues

Part 2: MIS Major Enterprise Applications and Use.

Enterprise applications

Enterprise applications are specifically designed for the sole purpose of promoting the needs and objectives of the organizations.

Enterprise applications provide business-oriented tools supporting electronic commerce, enterprise communication and collaboration, and web-enabled business processes both within a networked enterprise and with its customers and business partners.

Services Provided by Enterprise Applications

Some of the services provided by an enterprise application includes:

  • Online shopping, billing and payment processing
  • Interactive product catalogue
  • Content management
  • Customer relationship management
  • Manufacturing and other business processes integration
  • IT services management
  • Enterprise resource management
  • Human resource management
  • Business intelligence management
  • Business collaboration and security
  • Form automation

Basically these applications intend to model the business processes, i.e., how the entire organization works. These tools work by displaying, manipulating and storing large amounts of data and automating the business processes with these data.

Most Commonly Used Enterprise Applications

Multitude of applications comes under the definition of Enterprise Applications. In this section, let us briefly cover the following applications:

  • Management information system(MIS)
  • Enterprise Resource Planning(ERP)
  • Customer Relationship Management (CRM)
  • Decision Support System(DSS)
  • Knowledge Management Systems (KMS)
  • Content Management System (CMS)
  • Executive Support System (ESS)
  • Business Intelligence System (BIS)
  • Enterprise Application Integration (EAI)
  • Business Continuity Planning (BCP)
  • Supply Chain Management (SCM)

Management Information System

To the managers, Management Information System is an implementation of the organizational systems and procedures. To a programmer it is nothing but file structures and file processing. However, it involves much more complexity.

The three components of MIS provide a more complete and focused definition, where System suggests integration and holistic view, Information stands for processed data, and Management is the ultimate user, the decision makers.

Management information system can thus be analyzed as follows:


Management covers the planning, control, and administration of the operations of a concern. The top management handles planning; the middle management concentrates on controlling; and the lower management is concerned with actual administration.


Information, in MIS, means the processed data that helps the management in planning, controlling and operations. Data means all the facts arising out of the operations of the concern. Data is processed i.e. recorded, summarized, compared and finally presented to the management in the form of MIS report.


Data is processed into information with the help of a system. A system is made up of inputs, processing, output and feedback or control.

Thus MIS means a system for processing data in order to give proper information to the management for performing its functions.


Management Information System or ‘MIS’ is a planned system of collecting,  storing, and disseminating data in the form of information needed to carry  out the functions of management.

Objectives of MIS

The goals of an MIS are to implement the organizational structure and dynamics of the enterprise for the purpose of managing the organization in a better way and capturing the potential of the information system for competitive advantage.

Following are the basic objectives of an MIS:

  • Capturing Data: Capturing contextual data, or operational information that will contribute in decision making from various internal and external sources of organization.
  • Processing Data: The captured data is processed into information needed for planning, organizing, coordinating, directing and controlling functionalities at strategic, tactical and operational level. Processing data means: o making calculations with the data o sorting data o classifying data and o summarizing data
  • Information Storage: Information or processed data need to be stored for future use.
  • Information Retrieval: The system should be able to retrieve this information from the storage as and when required by various users.
  • Information Propagation: Information or the finished product of the MIS should be circulated to its users periodically using the organizational network.

Characteristics of MIS

Following are the characteristics of an MIS:        It should be based on a long-term planning.

  • It should provide a holistic view of the dynamics and the structure of the organization.
  • It should work as a complete and comprehensive system covering all interconnecting sub-systems within the organization.
  • It should be planned in a top-down way, as the decision makers or the management should actively take part and provide clear direction at the development stage of the MIS.
  • It should be based on need of strategic, operational and tactical information of managers of an organization.
  • It should also take care of exceptional situations by reporting such situations.
  • It should be able to make forecasts and estimates, and generate advanced information, thus providing a competitive advantage. Decision makers can take actions on the basis of such predictions.
  • It should create linkage between all sub-systems within the organization, so that the decision makers can take the right decision based on an integrated view.
  • It should allow easy flow of information through various sub-systems, thus avoiding redundancy and duplicity of data. It should simplify the operations with as much practicability as possible.
  • Although the MIS is an integrated, complete system, it should be made in such a flexible way that it could be easily split into smaller sub-systems as and when required.
  • A central database is the backbone of a well-built MIS.

Characteristics of Computerized MIS

Following are the characteristics of a well-designed computerized MIS:

  • It should be able to process data accurately and with high speed, using various techniques like operations research, simulation, heuristics, etc.
  • It should be able to collect, organize, manipulate, and update large amount of raw data of both related and unrelated nature, coming from various internal and external sources at different periods of time.
  • It should provide real time information on ongoing events without any delay.
  • It should support various output formats and follow latest rules and regulations in practice.
  • It should provide organized and relevant information for all levels of management:

strategic, operational, and tactical.

  • It should aim at extreme flexibility in data storage and retrieval.

Nature and Scope of MIS

The following diagram shows the nature and scope of MIS:

Enterprise Resource Planning (ERP)

ERP is an integrated, real-time, cross-functional enterprise application, an enterprise-wide transaction framework that supports all the internal business processes of a company.

It supports all core business processes such as sales order processing, inventory management and control, production and distribution planning, and finance.

Why of ERP?

ERP is very helpful in the following areas:

  • Business integration and automated data update
  • Linkage between all core business processes and easy flow of integration
  • Flexibility in business operations and more agility to the company
  • Better analysis and planning capabilities
  • Critical decision-making
  • Competitive advantage
  • Use of latest technologies

Features of ERP

The following diagram illustrates the features of ERP:

Scope of ERP

  • Finance: Financial accounting, Managerial accounting, treasury management, asset management, budget control, costing, and enterprise control.
  • Logistics: Production planning, material management, plant maintenance, project management, events management, etc.
  • Human resource: Personnel management, training and development, etc.
  • Supply Chain: Inventory control, purchase and order control, supplier scheduling, planning, etc.
  • Work flow: Integrate the entire organization with the flexible assignment of tasks and responsibility to locations, position, jobs, etc.

Advantages of ERP

  • Reduction of lead time
  • Reduction of cycle time
  • Better customer satisfaction
  • Increased flexibility, quality, and efficiency
  • Improved information accuracy and decision making capability
  • Onetime shipment
  • Improved resource utilization
  • Improve supplier performance
  • Reduced quality costs
  • Quick decision-making
  • Forecasting and optimization
  • Better transparency

Disadvantage of ERP

  • Expense and time in implementation
  • Difficulty in integration with other system
  • Risk of implementation failure
  • Difficulty in implementation change
  • Risk in using one vendor

Customer Relationship Management (CRM)

CRM is an enterprise application module that manages a company’s interactions with current and future customers by organizing and coordinating, sales and marketing, and providing better customer services along with technical support.

Atul Parvatiyar and Jagdish N. Sheth provide an excellent definition for customer relationship management in their work titled – ‘Customer Relationship Management: Emerging Practice, Process, and Discipline‘:

Customer Relationship Management is a comprehensive strategy and process of  acquiring, retaining, and partnering with selective customers to create superior  value for the company and the customer. It involves the integration of marketing,  sales, customer service, and the supply-chain functions of the organization to  achieve greater efficiencies and effectiveness in delivering customer value.


Why CRM?

  • To keep track of all present and future customers.
  • To identify and target the best customers.
  • To let the customers know about the existing as well as the new products and services.
  • To provide real-time and personalized services based on the needs and habits of the existing customers.
  • To provide superior service and consistent customer experience.
  • To implement a feedback system.

Scope of CRM

Advantages of CRM

  • Provides better customer service and increases customer revenues.
  • Discovers new customers.
  • Cross-sells and up-sells products more effectively.
  • Helps sales staff to close deals faster.
  • Makes call centers more efficient.
  • Simplifies marketing and sales processes.

Disadvantages of CRM

  • Sometimes record loss is a major problem.
  • Overhead costs.
  • Giving training to employees is an issue in small organizations.
Part 10: MIS Security and Ethical Issues

Part 1: MIS Basic Information Concepts Need & Objectives

MIS Basic Information Concepts

Information can be defined as meaningfully interpreted data. If we give you a number 1- 212-290-4700, it does not make any sense on its own. It is just a raw data. However if we say Tel: +1-212-290-4700, it starts making sense. It becomes a telephone number. If I gather some more data and record it meaningfully like: Address: 350 Fifth Avenue, 34th floor New York, NY 10118-3299 USA Tel: +1-212-290-4700 Fax: +1-212-736-1300

It becomes a very useful information – the address of New York office of Human Rights Watch, a non-profit, non-governmental human rights organization.

So, from a system analyst’s point of view, information is a sequence of symbols that can be construed to a useful message. An Information System is a system that gathers data and disseminates information with the sole purpose of providing information to its users. The main object of an information system is to provide information to its users. Information systems vary according to the type of users who use the system. A Management Information System is an information system that evaluates, analyzes, and processes an organization’s data to produce meaningful and useful information based on which the management can take right decisions to ensure future growth of the organization.

 Information Definition

According to Wikipedia: “Information can be recorded as signs, or transmitted as signals. Information is any kind of event that affects the state of a dynamic system that can interpret the information.

Conceptually, information is the message utter anceor expression utter anceor expression being conveyed. Therefore, in a general sense, information is “Knowledge communicated or received, concerning a particular fact or circumstance”. Information cannot be predicted and resolves uncertainty.”

Information Vs Data

Data can be described as unprocessed facts and figures. Plain collected data as raw facts cannot help in decision-making. However, data is the raw material that is organized, structured, and interpreted to create useful information systems.

Data is defined as ‘groups of non-random symbols in the form of text, images, voice representing quantities, action and objects’.

Information is interpreted data; created from organized, structured, and processed data in a particular context.

According to Davis and Olson: “Information is a data that has been processed into a form that is meaningful to recipient and is of real or perceived value in the current or the prospective action or decision of recipient.”

Information, Knowledge and Business Intelligence

Professor Ray R. Larson of the School of Information at the University of California, Berkeley, provides an Information Hierarchy, which is:

  • Data – The raw material of information.
  • Information – Data organized and presented by someone.
  • Knowledge – Information read, heard, or seen, and understood.
  • Wisdom – Distilled and integrated knowledge and understanding.

Scott Andrews’ explains Information Continuum as follows:

  • Data – A Fact or a piece of information, or a series thereof.
  • Information – Knowledge discerned from data.
  • Business Intelligence – Information Management pertaining to an organization’s policy or decision-making, particularly when tied to strategic or operational objectives.

Information/Data Collection Techniques

The most popular data collection techniques include:

  • Surveys: A questionnaires is prepared to collect the data from the field.
  • Secondary data sources or archival data: Data is collected through old records, magazines, company website etc.
  • Objective measures or tests: An experimental test is conducted on the subject and the data is collected.
  • Interviews: Data is collected by the system analyst by following a rigid procedure and collecting the answers to a set of pre-conceived questions through personal interviews.

 Classification of Information

Information can be classified in a number of ways and in this chapter, you will learn two of the most important ways to classify information.

 Classification by Characteristic

Based on Anthony’s classification of Management, information used in business for decision-making is generally categorized into three types:

  • Strategic Information: Strategic information is concerned with long term policy decisions that defines the objectives of a business and checks how well these objectives are met. For example, acquiring a new plant, a new product, diversification of business etc, comes under strategic information.
  • Tactical Information: Tactical information is concerned with the information needed for exercising control over business resources, like budgeting, quality control, service level, inventory level, productivity level etc.
  • Operational Information: Operational information is concerned with plant/business level information and is used to ensure proper conduction of specific operational tasks as planned/intended. Various operator specific, machine specific and shift specific jobs for quality control checks comes under this category.

Classification by Application

In terms of applications, information can be categorized as:

  • Planning Information: These are the information needed for establishing standard norms and specifications in an organization. This information is used in strategic, tactical, and operation planning of any activity. Examples of such information are time standards, design standards.
  • Control Information: This information is needed for establishing control over all business activities through feedback mechanism. This information is used for controlling attainment, nature and utilization of important processes in a system. When such information reflects a deviation from the established standards, the system should induce a decision or an action leading to control.
  • Knowledge Information: Knowledge is defined as “information about information”. Knowledge information is acquired through experience and learning, and collected from archival data and research studies.
  • Organizational Information: Organizational information deals with an organization’s environment, culture in the light of its objectives. Karl Weick’s Organizational Information Theory emphasizes that an organization reduces its equivocality or uncertainty by collecting, managing and using these information prudently. This information is used by everybody in the organization; examples of such information are employee and payroll information.
  • Functional/Operational Information: This is operation specific information. For example, daily schedules in a manufacturing plant that refers to the detailed assignment of jobs to machines or machines to operators. In a service oriented business, it would be the duty roster of various personnel. This information is mostly internal to the organization.
  • Database Information: Database information construes large quantities of information that has multiple usage and application. Such information is stored, retrieved and managed to create databases. For example, material specification or supplier information is stored for multiple users.

 Quality of Information

Information is a vital resource for the success of any organization. Future of an organization lies in using and disseminating information wisely. Good quality information placed in right context in right time tells us about opportunities and problems well in advance.

Good quality information: Quality is a value that would vary according to the users and uses of the information.

According to Wang and Strong, following are the dimensions or elements of Information Quality:

  • Intrinsic: Accuracy, Objectivity, Believability, Reputation
  • Contextual: Relevancy, Value-Added, Timeliness, Completeness, Amount of information
  • Representational: Interpretability, Format, Coherence, Compatibility
  • Accessibility: Accessibility, Access security

Various authors propose various lists of metrics for assessing the quality of information. Let us generate a list of the most essential characteristic features for information quality:

  • Reliability – It should be verifiable and dependable.
  • Timely – It must be current and it must reach the users well in time, so that important decisions can be made in time.
  • Relevant – It should be current and valid information and it should reduce uncertainties.
  • Accurate – It should be free of errors and mistakes, true, and not deceptive.
  • Sufficient – It should be adequate in quantity, so that decisions can be made on its basis.
  • Unambiguous – It should be expressed in clear terms. In other words, in should be comprehensive.
  • Complete – It should meet all the needs in the current context.
  • Unbiased – It should be impartial, free from any bias. In other words, it should have integrity.
  • Explicit – It should not need any further explanation.
  • Comparable – It should be of uniform collection, analysis, content, and format.
  • Reproducible – It could be used by documented methods on the same data set to achieve a consistent result.

 Information Need & Objective

Information processing beyond doubt is the dominant industry of the present century. Following factors states few common factors that reflect on the needs and objectives of the information processing:

  • Increasing impact of information processing for organizational decision making.
  • Dependency of services sector including banking, financial organization, health care, entertainment, tourism and travel, education and numerous others on information.
  • Changing employment scene world over, shifting base from manual agricultural to machine-based manufacturing and other industry related jobs.
  • Information revolution and the overall development scenario.
  • Growth of IT industry and its strategic importance.
  • Strong growth of information services fuelled by increasing competition and reduced product life cycle.
  • Need for sustainable development and quality life.
  • Improvement in communication and transportation brought in by use of information processing.
  • Use of information processing in reduction of energy consumption, reduction in pollution and a better ecological balance in future.
  • Use of information processing in land record managements, legal delivery system, educational institutions, natural resource planning, customer relation management and so on.

In a nutshell:

  • Information is needed to survive in the modern competitive world.
  • Information is needed to create strong information systems and keep these systems up to date. Implications of Information in Business Information processing has transformed our society in numerous ways. From a business perspective, there has been a huge shift towards increasingly automated business processes and communication. Access to information and capability of information processing has helped in achieving greater efficiency in accounting and other business processes. A complete business information system, accomplishes the following functionalities:
  • Collection and storage of data.
  • Transform these data into business information useful for decision making.
  • Provide controls to safeguard data.
  • Automate and streamline reporting. The following list summarizes the five main uses of information by businesses and other organizations:
  • Planning – At the planning stage, information is the most important ingredient in decision making. Information at planning stage includes that of business resources, assets, liabilities, plants and machineries, properties, suppliers, customers, competitors, market and market dynamics, fiscal policy changes of the Government, emerging technologies, etc.
  • Recording – Business processing these days involves recording information about each transaction or event. This information collected, stored and updated regularly at the operational level.
  • Controlling – A business need to set up an information filter, so that only filtered data is presented to the middle and top management. This ensures efficiency at the operational level and effectiveness at the tactical and strategic level.
  • Measuring – A business measures its performance metrics by collecting and analyzing sales data, cost of manufacturing, and profit earned.
  • Decision-making – MIS is primarily concerned with managerial decision-making, theory of organizational behavior, and underlying human behavior in organizational context. Decision-making information includes the socio-economic impact of competition, globalization, democratization, and the effects of all these factors on an organizational structure.

In short, this multi-dimensional information evolves from the following logical foundations:

  • Operations research and management science
  • Theory of organizational behavior
  • Computer science: o Data and file structure o Data theory design and implementation 9 o Computer networking o Expert systems and artificial intelligence
  • Information theory Following factors arising as an outcome of information processing help speed up of business events and achieves greater efficiency:
  • Directly and immediate linkage to the system
  • Faster communication of an order
  • Electronic transfer of funds for faster payment
  • Electronically solicited pricing helps in determining the best price helps in determining the best price

MIS Need for Information Systems

Managers make decisions. Decision-making generally takes a four-fold path:

  • Understanding the need for decision or the opportunity,
  • Preparing alternative course of actions,
  • Evaluating all alternative course of actions,
  • Deciding the right path for implementation.

MIS is an information system that provides information in the form of standardized reports and displays for the managers. MIS is a broad class of information systems designed to provide information needed for effective decision making.

Data and information created from an accounting information system and the reports generated thereon are used to provide accurate, timely and relevant information needed for effective decision making by managers.

Management information systems provide information to support management decision making, with the following goals:

  • Pre-specified and preplanned reporting to managers.
  • Interactive and ad-hoc support for decision making.
  • Critical information for top management.

MIS is of vital importance to any organization, because:

  • It emphasizes on the management decision making, not only processing of data generated by business operations.
  • It emphasizes on the systems framework that should be used for organizing information systems applications.