Sie sind auf Seite 1von 22

Chapter 4 Ethical and Social Issues in Information Systems

Review Questions
1. What ethical, social, and political issues are raised by information systems? Explain how ethical, social, and political issues are connected and give some examples. Information technology has raised new possibilities for behavior for which laws and rules of acceptable conduct have not yet been developed. The introduction of new information technology has a ripple effect, raising new ethical, social, and political issues that must be dealt with on the individual, social, and political levels. Ethical, social, and political issues are closely related. Ethical issues confront individuals who must choose a course of action, often in a situation in which two or more ethical principles are in conflict (a dilemma). Social issues spring from ethical issues as societies develop expectations in individuals about the correct course of action. Political issues spring from social conflict and are mainly concerned with using laws that prescribe behavior to create situations in which individuals behave correctly.

These include: information rights and obligations, property rights and obligations, accountability and control, system quality, and quality of life. List and describe the key technological trends that heighten ethical concerns. These trends include: Computing power doubles every 18 months Data storage costs rapidly declining Data analysis advances Networking advances and the Internet Increasing computer power, storage, and networking capabilities including the Internet can expand the reach of individual and organizational actions and magnify their impacts. The ease and anonymity with which information can be communicated, copied, and manipulated in online environments are challenging traditional rules of right and wrong behavior.

Differentiate between responsibility, accountability, and liability. Responsibility is a key element of ethical actions. Responsibility means that you accept the potential costs, duties, and obligations for the decisions you make. Accountability is a feature of systems and social institutions. It means that mechanisms are in place to determine who took responsible action. Liability is a feature of political systems in which a body of laws is in place that permits individuals to recover the damages done to them by other actors, systems, or organizations. 2. What specific principles for conduct can be used to guide ethical decisions? List and describe the five steps in an ethical analysis. The five steps in ethical analysis include: Identify and describe clearly the facts. Define the conflict or dilemma and identify the higher-order values involved. Identify the stakeholders. Identify the options that you can reasonably take. Identify the potential consequences of your options. Identify and describe six ethical principles. Six ethical principles are available to judge conduct. These principles are derived independently from several cultural, religious, and intellectual traditions and include: Golden Rule. Do unto others as you would have them do unto you Immanuel Kants Categorical Imperative. If an action is not right for everyone to take, it is not right for anyone Descartes Rule of Change. If an action cannot be taken repeatedly, it is not right to take at all Utilitarian Principle. Take the action that achieves the higher or greater value Risk Aversion Principle. Take the action that produces the least harm or the least potential cost No Free Lunch Rule. Assume that virtually all tangible and intangible objects are owned by someone else unless there is a specific declaration otherwise. These principles should be used in conjunction with an ethical analysis to guide decision making. The ethical analysis involves identifying the facts, values, stakeholders, options, and consequences of actions. Once completed, you can consider which ethical principle to apply to a situation to arrive at a judgment. 3. Why do contemporary information systems technology and the Internet pose challenges to the protection of individual privacy and intellectual property? Define privacy and fair information practices. Privacy is the claim of individuals to be left alone, free from surveillance or interference from other individuals or organizations, including the state. Claims of privacy are also involved at the workplace. Fair information practices is a set of principles governing the collection and use of information about individuals. FIP principles are based on the notion of a mutuality of interest between the record holder and the individual.

Explain how the Internet challenges the protection of individual privacy and intellectual property. Contemporary information systems technology, including Internet technologies, challenges traditional regimens for protecting individual privacy and intellectual property. Data storage and data analysis technology enables companies to easily gather personal data about individuals from many different sources and analyze these data to create detailed electronic profiles about individuals and their behaviors. Data flowing over the Internet can be monitored at many points. The activities of Web site visitors can be closely tracked using cookies, Web beacons, and other Web monitoring tools. Not all Web sites have strong privacy protection policies, and they do not always allow for informed consent regarding the use of personal information. List and define three different regimes that protect intellectual property rights? Intellectual property is subject to a variety of protections under three different legal traditions: Trade secrets Copyright Patent law Traditional copyright laws are insufficient to protect against software piracy because digital material can be copied so easily. Internet technology also makes intellectual property even more difficult to protect because digital material can be copied easily and transmitted to many different locations simultaneously over the Net. Web pages can be constructed easily using pieces of content from other Web sites without permission. 4. How have information systems affected everyday life? Explain why it is so difficult to hold software services liable for failure or injury. In general, insofar as computer software is part of a machine, and the machine injures someone physically or economically, the producer of the software and the operator can be held liable for damages. Insofar as the software acts like a book, storing and displaying information, courts have been reluctant to hold authors, publishers, and booksellers liable for contents (the exception being instances of fraud or defamation), and hence courts have been wary of holding software authors liable for book-like software. In general, it is very difficult (if not impossible) to hold software producers liable for their software products that are considered to be like books, regardless of the physical or economic harm that results. Historically, print publishers, books, and periodicals have not been held liable because of fears that liability claims would interfere with First Amendment rights guaranteeing freedom of expression. Software is very different from books. Software users may develop expectations of infallibility about software; software is less easily inspected than a book, and it is more difficult to compare with other software products for quality; software claims actually to perform a task rather than describe a task, as a book does; and people come to depend on services essentially based on software. Given the centrality of software to everyday life, the chances are excellent that liability law will extend its reach to include software even when the software merely provides an information service. List and describe the principal causes of system quality problems? Three principle sources of poor system performance are: Software bugs and errors Hardware or facility failures caused by natural or other causes Poor input data quality

Zero defects in software code of any complexity cannot be achieved and the seriousness of remaining bugs cannot be estimated. Hence, there is a technological barrier to perfect software, and users must be aware of the potential for catastrophic failure. The software industry has not yet arrived at testing standards for producing software of acceptable but not perfect performance. Although software bugs and facility catastrophes are likely to be widely reported in the press, by far the most common source of business system failure is data quality. Few companies routinely measure the quality of their data, but individual organizations report data error rates ranging from 0.5 to 30 percent. Name and describe four quality-of-life impacts of computers and information systems. Four quality of life impacts of computers and information systems include: Jobs can be lost when computers replace workers or tasks become unnecessary in reengineered business processes. Ability to own and use a computer may be exacerbating socioeconomic disparities among different racial groups and social classes. Widespread use of computers increases opportunities for computer crime and computer abuse. Computers can create health problems, such as repetitive stress injury, computer vision syndrome, and technostress. Define and describe technostress and RSI and explain their relationship to information technology. Technostress is defined as stress induced by computer use; symptoms include aggravation, hostility toward humans, impatience, and fatigue. Repetitive stress injury (RSI) is avoidable. Three management actions that could reduce RSI injuries include: Designing workstations for a neutral wrist position, using proper monitor stands, and footrests all contribute to proper posture and reduced RSI. Using ergonomically designed devices such as keyboards and mice are also options. Promoting and supporting frequent rest breaks and rotation of employees to different jobs.

Chapter 8 Securing Information Systems

1. Why are information systems vulnerable to destruction, error, and abuse? List and describe the most common threats against contemporary information systems. The most common threats against contemporary information systems include: technical, organizational, and environmental factors compounded by poor management decisions. Figure below includes the following:

Technical: Unauthorized access, introducing errors Communications: Tapping, sniffing, message alternation, theft and fraud, radiation Corporate servers: Hacking, viruses and worms, theft and fraud, vandalism, denial of service attacks Corporate systems: Theft of data, copying data, alteration of data, hardware failure, and software failure. Power failures, floods, fires, or other natural disasters can also disrupt computer systems. Poor management decisions: Poorly designed safeguards that protect valuable data from being lost, destroyed, or falling into the wrong hands.

Define malware and distinguish among a virus, a worm, and a Trojan horse. Malware (for malicious software) is any program or file that is harmful to a computer user. Thus, malware includes computer viruses, worms, Trojan horses, and also spyware programs that gather information about a computer user without permission. Virus: A program or programming code that replicates itself by being copied or initiating its copying to another program, computer boot sector or document. Worm: A self-replicating virus that does not alter files but resides in active memory and duplicates itself without human intervention. Trojan horse. A program in which malicious or harmful code is contained inside apparently harmless programming or data. A Trojan horse is not itself a virus because it does not replicate but is often a way for viruses or other malicious code to be introduced into a computer system. Define a hacker and explain how hackers create security problems and damage systems. A hacker is an individual who gains unauthorized access to a computer system by finding weaknesses in security protections used by Web sites and computer systems. Hackers not only threaten the security of computer systems, but they also steal goods and information, as well as damage systems and commit

cybervandalism. They may intentionally disrupt, deface, or even destroy a Web site or corporate information system. Define computer crime. Provide two examples of crime in which computers are targets and two examples in which computers are used as instruments of crime. The Department of Justice defines computer crime as any violations of criminal law that involve a knowledge of computer technology for their perpetration, investigation, or prosecution. Computer crime is defined as the commission of illegal acts through the use of a computer or against a computer system. Computers as targets of crime: Breaching the confidentiality of protected computerized data Accessing a computer system without authority Knowingly accessing a protected computer to commit fraud Intentionally accessing a protected computer and causing damage, negligently or deliberately Knowingly transmitting a program, program code, or command that intentionally causes damage to a protected computer Threatening to cause damage to a protected computer Computers as instruments of crime: Theft of trade secrets Unauthorized copying of software or copyrighted intellectual property, such as articles, books, music, and video Schemes to defraud Using e-mail for threats or harassment Internationally attempting to intercept electronic communication Illegally accessing stored electronic communications, including e-mail and voice mail Transmitting or processing child pornography using a computer Define identity theft and phishing and explain why identity theft is such a big problem today. Identity theft is a crime in which an imposter obtains key pieces of personal information, such as social security identification number, drivers license number, or credit card numbers, to impersonate someone else. The information may be used to obtain credit, merchandise, or services in the name of the victim or to provide the thief with false credentials. It is a big problem today as the Internet has made it easy for identity thieves to use stolen information because goods can be purchased online without any personal interaction. Credit card files are a major target of Web site hackers. Moreover, e-commerce sites are wonderful sources of customer personal information that criminals can use to establish a new identity and credit for their own purposes. Phishing involves setting up fake Web sites or sending e-mail messages that look like those of legitimate businesses to ask users for confidential personal data. The e-mail instructs recipients to update or confirm records by providing social security numbers, bank and credit card information, and other confidential data either by responding to the e-mail message or by entering the information at a bogus Web site. New phishing techniques such as evil twins and pharming are very hard to detect. Describe the security and system reliability problems created by employees. The largest financial threats to business institutions come from employees. Some of the largest disruptions to service, destruction of e-commerce sites, and diversion of customer credit data and personal information

have come from insiders. Employees have access to privileged information, and in the presence of sloppy internal security procedures, they are often able to roam throughout an organizations systems without leaving a trace. Many employees forget their passwords to access computer systems or allow other coworkers to use them, which compromises the system. Malicious intruders seeking system access sometimes trick employees into revealing their passwords by pretending to be legitimate members of the company in need of information (social engineering). Employees can introduce errors by entering faulty data or by not following proper instructions for processing data and using computer equipment. Information specialists can also create software errors as they design and develop new software or maintain existing programs. Explain how software defects affect system reliability and security. The software can fail to perform, perform erratically, or give erroneous results because of undetected bugs. A control system that fails to perform can mean medical equipment that fails or telephones that do not carry messages or allow access to the Internet. A business system that fails means customers are under- or overbilled. Or, it could mean that the business orders more inventory than it needs. Or an automobiles braking system may fail. Major quality problems are the bugs or defects caused by incorrect design. The other problem is maintenance of old programs caused by organizational changes, system design flaws, and software complexity. Bugs in even mildly complex programs can be impossible to find in testing, making them hidden bombs. 2. What is the business value of security and control? Explain how security and control provide value for businesses. Security refers to the policies, procedures, and technical measures used to prevent unauthorized access, alteration, theft, or physical damage to information systems. Controls consist of all the methods, policies, and organizational procedures that ensure the safety of the organizations assets; the accuracy and reliability of its account records; and operational adherence to management standards. The business value of security and control: Firms relying on computer systems for their core business functions can lose sales and productivity. Information assets, such as confidential employee records, trade secrets, or business plans, lose much of their value if they are revealed to outsiders or if they expose the firm to legal liability. 3. What are the components of an organizational framework for security and control? Define general controls and describe each type of general control. General controls govern the design, security, and use of computer programs and the security of data files in general throughout the organizations information technology infrastructure. They apply to all computerized applications and consist of a combination of hardware, software, and manual procedures that create an overall control environment. General controls include software controls, physical hardware controls, computer operations controls, data security controls, controls over implementation of system processes, and administrative controls. Table 8.3 describes each type of general control.

Define application controls and describe each type of application control. Application controls are specific controls unique to each computerized application. They include both automated and manual procedures that ensure that only authorized data are completely and accurately processed by that application. Application controls can be classified as: Input controls: Check data for accuracy and completeness when they enter the system. There are specific input controls for input authorization, data conversion, data editing, and error handling. Processing controls: Establish that data are complete and accurate during updating. Output controls: Ensure that the results of computer processing are accurate, complete, and properly distributed. Describe the function of risk assessment and explain how it is conducted for information systems. A risk assessment determines the level of risk to the firm if a specific activity or process is not properly controlled. Business managers working with information systems specialists can determine the value of information assets, points of vulnerability, the likely frequency of a problem, and the potential for damage. Controls can be adjusted or added to focus on the areas of greatest risk. An organization does not want to over-control areas where risk is low and under-control areas where risk is high. Security risk analysis involves determining what you need to protect, what you need to protect it from, and how to protect it. It is the process of examining all of the firms risks, and ranking those risks by level of severity. This process involves making cost-effective decisions on what you want to protect. The old security adage says that you should not spend more to protect something than it is actually worth. Two elements of a risk analysis that should be considered are: (1) identifying the assets and (2) identifying the threats. For each asset, the basic goals of security are availability, confidentiality, and integrity. Each threat should be examined with an eye on how the threat could affect these areas. One step in a risk analysis is to identify all the things that need to be protected. Some things are obvious, like all the various pieces of hardware, but some are overlooked, such as the people who actually use the systems. The essential point is to list all things that could be affected by a security problem. Define and describe the following: Security policy, acceptable use policy, and identity management. A security policy consists of statements ranking information risks, identifying acceptable security goals, and identifying the mechanisms for achieving these goals. The security policy drives policies determining acceptable use of the firms information resources and which members of the company have access to its information assets. An acceptable use policy (AUP) defines acceptable uses of the firms information resources and computing equipment, including desktop and laptop computers, wireless devices, telephones, and the Internet. The policy should clarify company policy regarding privacy, user responsibility, and personal use of company equipment and networks. A good AUP defines unacceptable and acceptable actions for each user and specifies consequences for noncompliance. Identity management consists of business processes and software tools for identifying valid system users and controlling their access to system resources. It includes policies for identifying and authorizing different categories of system users, specifying what systems or portions of systems each user is allowed to access, and the processes and technologies for authenticating users and protecting their identities.

Explain how MIS auditing promotes security and control. Comprehensive and systematic MIS auditing organizations determine the effectiveness of security and controls for their information systems. An MIS audit identifies all of the controls that govern individual information systems and assesses their effectiveness. Control weaknesses and their probability of occurrence will be noted. The results of the audit can be used as guidelines for strengthening controls, if required. 4. What are the most important tools and technologies for safeguarding information resources? Name and describe three authentication methods. Authentication refers to the ability to know that a person is who he or she claims to be. Some methods are described below: What you know: Passwords known only to the authorized users. What you have: o Token is a physical device that is designed to provide the identity of a single user o Smart card is a device that contains a chip formatted with access permission and other data. What you are: Biometrics is based on the measurement of a physical or behavioral trait that makes each individual unique. Describe the roles of firewalls, intrusion detection systems, and antivirus software in promoting security. A firewall is a combination of hardware and software that controls the flow of incoming and outgoing network traffic. Firewalls prevent unauthorized users from accessing internal networks. They protect internal systems by monitoring packets for the wrong source or destination, or by offering a proxy server with no access to the internal documents and systems, or by restricting the types of messages that get through, for example, e-mail. Further, many authentication controls have been added for Web pages as part of firewalls. Intrusion detection systems monitor the most vulnerable points or hot spots in a network to detect and deter unauthorized intruders. These systems often also monitor events as they happen to look for security attacks in progress. Sometimes they can be programmed to shut down a particularly sensitive part of a network if it receives unauthorized traffic. Antivirus software is designed to check computer systems and drives for the presence of computer viruses and worms and often eliminates the malicious software, whereas antispyware software combats intrusive and harmful spyware programs. Often the software can eliminate the virus from the infected area. To be effective, antivirus software must be continually updated. Explain how encryption protects information. Encryption, the coding and scrambling of messages, is a widely used technology for securing electronic transmissions over the Internet and over Wi-Fi networks. Encryption offers protection by keeping messages or packets hidden from the view of unauthorized readers. Encryption is crucial for ensuring the success of electronic commerce between the organization and its customers and between the organization and its vendors.

Describe the role of encryption and digital certificates in a public key infrastructure. Digital certificates combined with public key encryption provide further protection of electronic transactions by authenticating a users identify. Digital certificates are data fields used to establish the identity of the sender and to provide the receiver with the means to encode a reply. They use a trusted third party known as a certificate authority to validate a users identity. Both digital signatures and digital certificates play a role in authentication. Authentication refers to the ability of each party to know that the other parties are who they claim to be. Distinguish between fault-tolerant and high-availability computing, and between disaster recovery planning and business continuity planning. Fault-tolerant computer systems contain redundant hardware, software, and power supply components that can back the system up and keep it running to prevent system failure. Some systems simply cannot be allowed to stop, such as stock market systems or some systems in hospitals. Fault-tolerant computers contain extra memory chips, processors, and disk storage devices to backup a system and keep it running. They also can use special software routings or self-checking logic built into their circuitry to detect hardware failures and automatically switch to a backup device. High-availability computing, though also designed to maximize application and system availability, helps firms recover quickly from a crash. Fault tolerance promises continuous availability and the elimination of recovery time altogether. High-availability computing environments are a minimum requirement for firms with heavy electronic commerce processing requirements or for firms that depend on digital networks for their internal operations. Disaster recovery planning devises plans for the restoration of computing and communications services after they have been disrupted by an event such as an earthquake, flood, or terrorist attack. Disaster recovery plans focus primarily on the technical issues involved in keeping systems up and running, such as which files to back up and the maintenance of backup computer systems or disaster recovery services. Business continuity planning focuses on how the company can restore business operations after a disaster strikes. The business continuity plan identifies critical business processes and determines action plans for handling mission-critical functions if systems go down. Identify and describe the security problems posed by cloud computing. Accountability and responsibility for protection of sensitive data reside with the company owning that data even though its stored offsite. The company needs to make sure its data are protected at a level that meets corporate requirements. The company should stipulate to the cloud provider how its data is stored and processed in specific jurisdictions according to the privacy rules of those jurisdictions. The company needs to verify with the cloud provider how its corporate data is segregated from data belonging to other companies and ask for proof that encryption mechanisms are sound. The company needs to verify how the cloud provider will respond if a disaster strikes. Will the cloud provider be able to completely restore the companys data and how long will that take? Will the cloud provider submit to external audits and security certifications? Describe measures for improving software quality and reliability. Using software metrics and rigorous software testing are two measure for improving software quality and reliability. Software metrics are objective assessments of the system in the form of quantified measurements. Metrics allow an information systems department and end users to jointly measure the performance of a system and

identify problems as they occur. Metrics must be carefully designed, formal, objective, and used consistently. Examples of software metrics include: Number of transactions that can be processed in a specified unit of time Online response time Number of known bugs per hundred lines of program code Early, regular, and thorough testing will contribute significantly to system quality. Testing can prove the correctness of work but also uncover errors that always exist in software. Testing can be accomplished through the use of: Walkthroughs: A review of a specification or design document by a small group of people Coding walkthroughs: Once developers start writing software, these can be used to review program code. Debugging: When errors are discovered, the source is found and eliminated

Chapter 9 Achieving Operational Excellence and Customer Intimacy: Enterprise Applications

1. How do enterprise systems help businesses achieve operational excellence? Define an enterprise system and explain how enterprise software works. Enterprise software consists of a set of interdependent software modules that support basic internal business processes. The software allows data to be used by multiple functions and business processes for precise organizational coordination and control. Organizations implementing this software would have to first select the functions of the system they wish to use and then map their business processes to the predefined business processes in the software. A particular firm would use configuration tables provided by the software to tailor a particular aspect of the system to the way it does business. Table 9.1 describes some of the major business processes supported by enterprise software. These include financial and accounting processes, human resources processes, manufacturing and production processes, and sales and marketing processes. Describe how enterprise systems provide value for a business. Enterprise systems provide value both by increasing operational efficiency and by providing firmwide information to help managers make better decisions. Large companies with many operating units in different locations have used enterprise systems to enforce standard practices and data so that everyone does buisness the same way. Enterprise systems helps firms respond rapidly to customer requests for information or products. Manufacturing is better informed about producing only what customers have ordered, procuring exactly the right amount of components or raw materials to fill actual orders, staging production, and minimizing the time that components or finished products are in inventory. Enterprise software includes analytical tools for using data captured by the system to evaluate overall organizational performance. Enterprise system data has common standardized definitions and formats that are accepted by the entire organization. Enterprise systems allow senior management to easily find out at any moment how a particular organizational unit is performing or to determine which products are most or least profitable. Companies can use enterprise systems to support organizational structures that were not previously possible or to create a more disciplined organizational culture. They can also improve management reporting and decision making. Furthermore, enterprise systems promise to provide firms with a single, unified, and allencompassing information system technology platform and environment. Lastly, enterprise systems can help create the foundation for a customer-driven organization 2. How do supply chain management systems coordinate planning, production, and logistics with suppliers? Define a supply chain and identify each of its components. A supply chain is defined as a network of organizations and business processes for procuring materials, transforming raw materials into intermediate and finished products, and distributing the finished products to customers. It links suppliers, manufacturing plants, distribution centers, retail outlets, and customers to supply goods and services from source through consumption. Supply chain management is the integration of supplier, distributor, and customer logistics requirements into one cohesive process.

Explain how supply chain management systems help reduce the bullwhip effect and how they provide value for a business. The bullwhip effect occurs when information about the demand for a product gets distorted as it passes from one entity to the next across the supply chain. It can also result from gaming, as purchasers present manufacturers or suppliers with a false picture of consumer demand. It can be dealt with by reducing uncertainties about demand and supply when all the players in a supply chain have accurate and up-to-date information. Define and compare supply chain planning systems and supply chain execution systems. Supply chain planning systems enable the firm to generate demand forecasts for a product and to develop sourcing and manufacturing plans for that product. They help companies make better operating decisions such as determining how much of a specific product to manufacture in a given time period; establishing inventory levels for raw materials, intermediate products, and finished goods; determining where to store finished goods; and identifying the transportation mode to use for product delivery. One of the most important functions is demand planning, which determines how much product a business needs to make to satisfy all of its customers demands. These functions are referred to as order planning, advanced scheduling, demand planning, distribution planning, and transportation planning. Supply chain execution systems manage the flow of products through distribution centers and warehouses to ensure that products are delivered to the right locations in the most efficient manner. They track the physical status of goods, the management of materials, warehouse and transportation operations, and financial information involving all parties. These functions are referred to as order commitments, final production, replenishment, distribution management, and reverse distribution. Describe the challenges of global supply chains and how Internet technology can help companies manage them better. Firms use intranets to improve coordination among their internal supply chain processes, and they can use extranets to coordinate supply chain processes shared with their business partners. Using intranets and extranets (both based on Internet technology), all members of the supply chain can instantly communicate with each other, using up-to-date information to adjust purchasing, logistics, manufacturing, packaging, and schedules. A manager can use a Web interface to tap into suppliers systems to determine whether inventory and production capabilities match demand for the firms products. Business partners can use Web-based supply chain management tools to collaborate online with suppliers and customers. Sales representatives can access suppliers production schedules and logistics information to monitor customers order status. The Internet has introduced new ways of managing warehousing, shipping, and packaging based on access to supply chain information that can give companies an edge in delivering goods and services at a reasonable cost. Distinguish between a push-based and pull-based model of supply chain management and explain how contemporary supply chain management systems facilitate a pull-based model. In a push-based model, production master schedules are based on forecasts or best guesses of demand for products, and products are pushed to customers. In a pull-based model, actual customer orders or purchases trigger events in the supply chain. In contemporary supply chain management systems, the Internet and Internet technology make it possible to move from sequential supply chains, where information and materials flow sequentially from company to company, to concurrent supply chains, where information flows in many directions simultaneously among

members of a supply chain network. Members of the network immediately adjust to changes in schedules or orders. 3. How do customer relationship management systems help firms achieve customer intimacy? Define customer relationship management and explain why customer relationships are so important today. Customer relationship management: A business and technology discipline that uses information systems to coordinate all of the business processes surrounding the firms interaction with its customers in sales, marketing, and service. Importance of customer relationships: Globalization of business, the Internet, and electronic commerce have put more power in the hands of customers. Companies realize that their only enduring competitive strength may be their relationships with their customers. Some say that the basis of competition has switched from who sells the most products and services to who owns the customer, and that customer relationships represent the firms most valuable asset. Describe how partner relationship management (PRM) and employee relationship management (ERM) are related to customer relationship management (CRM)? CRM systems capture and integrate customer data from all over the organization, consolidate the data, analyze the data, and then distribute the results to various systems and customer touch points across the enterprise. Companies can use this customer knowledge when they interact with customers to provide them with better service or to sell new products and services. CRM systems integrate and automate many customer-facing processes in sales, marketing, and customer service, providing an enterprise-wide view of customers. These systems track all of the ways in which a company interacts with its customers and analyze these interactions to maximize customer lifetime value for the firm. CRM extends to a firms business partners who are responsible for selling to customers. The more comprehensive CRM packages contain modules for partner relationship management (PRM) and employee relationship management (ERM). PRM uses many of the same data, tools, and systems as CRM to enhance collaboration between a company and its selling partners. If a company does not sell directly to customers but rather works through distributors or retailers, PRM helps these channels sell to customers directly. ERM software deals with employee issues that are closely related to CRM, such as setting objectives, employee performance management, performance-based compensation, and employee training. Describe the tools and capabilities of customer relationship management software for sales, marketing, and customer service. Customer relationship management systems typically provide software and online tools for sales, customer service, and marketing. Refer to Figure 9-8 for a diagram of the business processes that CRM software supports for sales, marketing, and service. Capabilities include the following: Sales: Sales force automation modules in CRM systems help sales staff increase their productivity by focusing sales efforts on the most profitable customers, those who are good candidates for sales and services. Provide sales prospect and contact information, product information, product configuration capabilities, and sales quote generation capabilities.

Enable sales, marketing, and delivery departments to easily share customer and prospect information. Increase salespeoples efficiency in reducing the cost per sale as well as the cost of acquiring new customers and retaining old ones. Capabilities for sales, forecasting, territory management, and team selling. Supports direct-marketing campaigns by providing capabilities for capturing prospect and customer data, for providing product and service information, for qualifying leads for targeted marketing, and for scheduling and tracking direct-marketing mailings or e-mail.

Customer Service: Provide information and tools to make call centers, help desks, and customer support staff more efficient. Includes capabilities for assigning and managing customer service requests. May also include Web-based self-service capabilities. Marketing: Support direct-marketing campaigns by providing capabilities for capturing prospects and customer data, for providing product and service information for qualifying leads for targeted marketing, and for scheduling and tracking direct-marketing mailings or e-mail. Includes tools for analyzing marketing and customer data. Identifies profitable and unprofitable customers, designs products and services to satisfy specific customer needs and interests, and identifies opportunities for cross-selling, up-selling, and bundling. Distinguish between operational and analytical CRM. Operational CRM includes customer-facing applications such as tools for sales force automation, call center and customer service support, and marketing automation. Analytical CRM includes applications that analyze customer data generated by operational CRM applications to provide information for improving business performance management. Applications are based on data warehouses that consolidate data from operational CRM systems and customer touch points. The database serves online analytical processing, data mining, and other data analysis techniques. Provides information related to customer lifetime values. 4. What are the challenges posed by enterprise applications? List and describe the challenges posed by enterprise applications. Enterprise applications are very difficult to implement successfully. They require extensive organizational change, expensive new software investments, and careful assessment of how these systems will enhance organizational performance. Enterprise applications require both deep-seated technological changes and fundamental changes in business operations. Employees must accept new job functions and responsibilities. They must learn new work activities and understand how data they enter into the system can affect other parts of the company. Enterprise applications introduce switching costs that make it very expensive to switch vendors. Multiple organizations will share information and business processes. Management vision and foresight are required to take a firm- and industry-wide view of problems and to find solutions that realize strategic value from the investment. Explain how these challenges can be addressed. Enterprise applications create new interconnections among myriad business processes and data flows inside the firm (and in the case of supply chain management systems, between the firm and its external supply chain partners). Employees require training to prepare for new procedures and roles. Attention to data

management is essential. Management must understand the impact that implementing enterprise applications will have on every facet of the business. Executives must not underestimate the time and costs of implementation, not just on the organization but also on customers, suppliers, and business partners.

5. How are enterprise applications used in platforms for new cross-functional services? Define a service platform and describe the tools for integrating data from enterprise applications. Service platforms integrate multiple applications from business functions, units, or partners to deliver a seamless experience for customers, employee, managers, or business partners. They provide complete information to everyone involved in a process from beginning to end. The service platforms can be further integrated into an enterprise-wide composite process. The applications can be integrated with older legacy applications and systems from other vendors through the use of middleware, XML, and Web services tools. Portals provide frameworks for building new composite services and presenting them to users as though the information is coming from a single source. How are enterprise applications taking advantage of cloud computing, wireless technology, Web 2.0, and open source technology? Enterprise applications are moving towards integration of open source technology and cloud computing capacity. Small- and midsize-companies embrace these applications because they are cheaper and easier to implement. They dont require as much upfront infrastructure investment as traditional in-house enterprise applications. Customer relationship management applications are the primary type of enterprise applications adopted by companies. Enterprise solutions, enterprise suites, or e-business suites let businesses tie together their CRM, SCM, and enterprise systems to each other and to systems of customers and suppliers. These next generation enterprise systems utilize Web 2.0 services and service-oriented architectures. Enterprise system software manufacturers also link the programs to function-specific Web services through Web sites. Some functions and data-driven processes are available to users through wireless connections like laptops, smartphones, and tablet computers.

Chapter 11 Managing Knowledge

1. What is the role of knowledge management and knowledge management programs in business? Define knowledge management and explain its value to businesses. Knowledge management is the set of processes developed in an organization to create, gather, store, maintain, transfer, apply, and disseminate the firms knowledge. Knowledge management promotes organizational learning and incorporates knowledge into its business processes and decision making. As the textbook points out, knowledge management enables the organization to learn from its environment and incorporate this new knowledge into its business processes. Knowledge management helps firms do things more effectively and efficiently, and cannot be easily duplicated by other organizations. This in-house knowledge is a very valuable asset and is a major source of profit and competitive advantage Describe the important dimensions of knowledge. Knowledge is a firm asset: An intangible asset; requires organizational resources; experiences network effects as its value increases as more people share it. Knowledge has different forms: Can be either tacit or explicit; involves know-how, craft, and skill; involves knowing how to follow procedures; involves knowing why, not simply when, things happen. Knowledge has a location: Its a cognitive event involving mental models and maps of individuals; has both a social and an individual basis of knowledge; is sticky, situated, and contextual. Knowledge is situational: Its conditional; its related to context.

Distinguish between data, knowledge, and wisdom and between tacit knowledge and explicit knowledge. Data by itself has no meaning but is the first step in the creation of knowledge. Knowledge includes concepts, experience, and insight that provide a framework for creating, evaluating, and using information. Wisdom is the collective and individual experience of applying knowledge to the solution of problems. Explicit knowledge is knowledge that has been documented whereas tacit knowledge is the expertise and experience of organizational members that has not been formally documented Describe the stages in the knowledge management value chain. Acquire: Knowledge discovery, data mining, neural networks, genetic algorithms, knowledge workstations, expert knowledge networks Store: Document management systems, knowledge databases, expert systems Disseminate: Intranet portals, push email reports, search engines, collaboration Apply: Decision support systems, enterprise applications

2. What types of systems are used for enterprise-wide knowledge management and how do they provide value for businesses? Define and describe the various types of enterprise-wide knowledge management systems and explain how they provide value for businesses. There are three types of knowledge management systems: Enterprise-wide knowledge management systems are general-purpose, firmwide efforts that collect, store, distribute, and apply digital content and knowledge. These systems include capabilities for searching for information, storing both structured and unstructured data, and locating employee expertise within the firm. They also include supporting technologies such as portals, search engines, collaboration tools, and learning management systems. Structured knowledge systems provide databases and tools for organizing and storing structured documents, whereas semistructured knowledge systems provide databases and tools for organizing and storing semistructured knowledge, such as e-mail or rich media. Knowledge network systems provide an online directory of corporate experts in well-defined knowledge domains and use communication technologies to make it easy for employees to find the appropriate expert in a company. Some knowledge network systems go further by systematizing the solutions developed by experts and then storing the solutions in a knowledge database as a bestpractices or frequently asked questions (FAQ) repository. Often these systems include group collaboration tools, portals to simplify information access, search tools, and tools for classifying information based on a taxonomy that is appropriate for the organization. Intelligent techniques help discover patterns and apply knowledge to discrete decisions and knowledge domains. It uses tools like data mining, neural networks, experts systems, case-based reasoning, fuzzy logic, genetic algorithms, and intelligent agents (bots) to capture individual and collective knowledge and to extend their knowledge base.

Describe the role of the following in facilitating knowledge management: Portals, wikis, social bookmarking, and learning management systems. Portals provide access to external sources of information like news feeds and research, as well as to internal knowledge resources along with capabilities for email, chat/instant messaging, discussion groups, and videoconferencing. Wikis provide a central repository for all types of corporate data that can be displayed in a Web browser, including electronic pages of documents, spreadsheets, and electronic slides. They can embed e-mail and instant messages. Even if wikis are changed, the software tracks the changes and provides tools for reverting to earlier versions. Social bookmarking lets users save bookmarks to Web pages on a public Web site and tag these bookmarks with keywords. The bookmarks can be shared with co-workers, managers, customers, suppliers, and business partners. Learning management systems provide tools for the management, delivery, tracking, and assessment of various types of employee learning. These systems provide value to the business by reducing the time and cost to acquire and utilize knowledge and by providing knowledge for higher-quality decisions

3. What are the major types of knowledge work systems and how do they provide value for firms? Define knowledge work systems and describe the generic requirements of knowledge work systems. Knowledge work systems (KWS) are specialized systems for engineers, scientists, and other knowledge workers that are designed to promote the creation of knowledge and to ensure that new knowledge and technical expertise are properly integrated into the business. These systems reflect the special needs of knowledge workers. In this day and age, knowledge work is critical to most organizations, and in some organizations knowledge work systems produce strategic advantage or the knowledge that enables their company to keep up with others who are trying for strategic advantages. KWS must have adequate computing power to handle the specialized tasks and complex calculations, provide easy access to external databases to support research, and present a user-friendly interface. KWS software uses intensive graphics, analysis, document management, and communications capabilities. These capabilities can increase the productivity of highly paid knowledge workers. KWS often run on workstations that are customized for the work they must perform. Computer-aided design (CAD) systems and virtual reality systems, which create interactive simulations that behave like the real world, require graphics and powerful modeling capabilities. KWS for financial professionals provide access to external databases and the ability to analyze massive amounts of financial data very quickly. Describe how the following systems support knowledge work: CAD, virtual reality, augmented reality, and investment workstations. CAD systems automate the creation and revision of designs using computers and sophisticated graphics software. Benefits include the production of more sophisticated and functional designs, reducing the time required to produce designs, reducing expensive engineering changes, preparing fewer prototypes, and facilitating the tooling and manufacturing process. Virtual reality systems have visualization, rendering, and simulation capabilities. This type of system uses interactive graphics software to create computer-generated simulations that are so close to reality that users believe they are participating in a real world. The users actually feel immersed in the computer-generated world. Virtual reality provides educational, scientific, and business benefits.

Augmented reality is related to virtual reality and enhances visualization by providing a live direct or indirect view of a physical real-world environment whose elements are augmented by virtual computer-generated imagery. The user remains grounded in the real physical world, and the virtual images are merged with the real view to create an augmented display. Investment workstations are computer systems that access and manipulate massive amounts of financial data to manage financial trades and portfolio management. In addition to massive amounts of data, financial data are produced so quickly that specialized, very powerful systems are necessary to keep up with the rapid speed of finance and financial changes. 4. What are the business benefits of using intelligent techniques for knowledge management? Define an expert system, describe how it works, and explain its value to business. Expert systems are an intelligent technique for capturing tacit knowledge in a very specific and limited domain of human expertise. These systems capture the knowledge of skilled employees in the form of a set of rules in a software system that can be used by others in the organization. Expert systems model human knowledge as a set of rules that collectively are called the knowledge base. The strategy used to search through the collection of rules and formulate conclusions is called the inference engine. The inference engine works by searching through the rules and firing those rules that are triggered by facts gathered and entered by the user. Expert systems help organizations make high-quality decisions with fewer people. They are used in discrete, highly structured, decision-making situations where expertise is expensive or in short supply. RULES IN AN EXPERT SYSTEM

Define case-based reasoning and explain how it differs from an expert system. Case-based reasoning (CBR) uses descriptions of past experiences of human specialists, representing them as cases and storing them in a database for later retrieval when the user encounters a new case with similar parameters. The system searches for stored cases similar to the new one, locates the closest fit, and

offers the solution to the old case for use with the new case. If the new case fits the solution, it is added to the case database. If not, the case will be added with a new solution or explanations as to why the solution did not work. CBR differs from expert systems in that it captures the knowledge of the organization rather than a single expert, and the knowledge is captured as cases rather than if-then rules. Also, expert systems work by applying IF-THEN-ELSE rules against a knowledge base whereas CBR represents knowledge as a series of cases. With case-based reasoning, the knowledge base is continuously updated by the users. HOW CASE-BASED REASONING WORKS

Define a neural network and describe how it works and how it benefits businesses. Neural networks are usually physical devices (although they can be simulated with software) that emulate the physiology of animal brains. Neural networks are used for solving complex, poorly understood problems for which large amounts of data have been collected. They find patterns and relationships in massive amounts of data that would be too complicated and difficult for a human being to analyze. Neural networks learn patterns from large quantities of data by sifting through data, searching for relationships, building models, and correcting over and over again the models own mistakes. In a neural network, the resistors in the circuits are variable, and can be used to teach the network. When the network makes a mistake, i.e., chooses the wrong pathway through the network and arrives at a false conclusion, resistance can be raised on some circuits, forcing other neurons to fire. Used after a false conclusion, intervention teaches the machine the correct response. If this learning process continues for thousands of cycles, the machine learns the correct response. The simple neurons or switches are highly interconnected and operate in parallel so they can all work simultaneously on parts of a problem. Neural

networks are very different from expert systems where human expertise has to be modeled with rules and frames. In neural networks, the physical machine emulates a human brain and can be taught from experience. HOW A NEURAL NETWORK WORKS

Define and describe fuzzy logic, genetic algorithms, and intelligent agents. Explain how each works and the kinds of problems for which each is suited. Fuzzy logic is a rule-based AI technology that tolerates imprecision by creating rules that use approximate or subjective values and incomplete or ambiguous data. Fuzzy logic represents more closely the way people actually think than traditional IF-THEN rules. For example, if we all agree that 120 degrees is hot and -40 degrees is cold, then is 75 degrees hot, warm, comfortable, or cool? The answer is fuzzy at best and cannot be programmed in an IF-THEN manner. Japans Sendai subway system uses a fuzzy logic system to control acceleration so it will operate more smoothly. Genetic algorithms (adaptive computation) are a variety of problem-solving methods that are conceptually based on the method that living organisms use to adapt to their environment (process of evolution.) Genetic algorithms control the generation, variation, adaptation, and selection of possible problem solutions using genetically-based processes. As solutions alter and combine, the worst ones are discarded and the better ones survive to go on and produce even better solutions. Genetic algorithms are particularly suited to the areas of optimization, product design, and the monitoring of industrial systems. Organizations can use genetic algorithms to minimize costs and maximize profits and schedule and use resources efficiently. Genetic algorithms are ideal when problems are dynamic and complex and involve hundreds of variables or formulas. For example, General Electric used a genetic algorithm to help them design a jet turbine aircraft engine that required the use of about 100 variables and 50 constraint equations. Intelligent agents are software programs that use a built-in or learned knowledge base to carry out specific, repetitive tasks for an individual user, business process, or software application. By watching the user of a program or system, an intelligent agent may customize the software system to meet the users needs, reducing software support costs. Intelligent agents can be used as wizards to help users do or learn how to perform a given task. Intelligent agents can be used to carry out smart searches of the database, data warehouse, or the Internet, reducing search costs and avoiding the problems of misdirected searches. Agentbased modeling applications model consumer, stock market, and supply chain behavior.