This book gives a condensed introduction to information systems and their use in companies and organisations. Their role in organisations and how they can contribute to a successful enterprise is explained. The book has a non-technical focus, but introduces fundamental technical concepts and vocabulary, such as computer parts, data storage, databases and networks. The fundamentals of systems development are explained. Attention is also given to e thical aspects of information systems and their role in society. Essentials of Information Systems introduces the concept of information systems in a condensed and accessible form. The book equips the reader with basic knowledge of the information systems necessary in any modern organisation. This book can be read by anyone interested in information s ystems. It is particularly suitable for introductory courses in b usiness and information systems.
| essentials of information systems
essentials of information systems
jonas flodén
Jonas Flodén holds a PhD in Business administration and is senior lecturer at the Department of Business Administration, School of Business, Economics and Law at University of Gothenburg, Sweden.
essentials of information systems
The second edition is updated with extended information on topics such as Blockchain, Big data, A/I and Internet of Things. The discussion on privacy, ethics, source evaluation and environmental aspects of IT has been expanded. Further, more study questions and examples have been added.
studentlitteratur.se
Art.nr 35853
2nd ed.
Second edition
jonas flodén
Copying prohibited This book is protected by the Swedish Copyright Act. Apart from the restricted rights for teachers and students to copy material for educational purposes, as regulated by the Bonus Copyright Access agreement, any copying is prohibited. For information about this agreement, please contact your course coordinator or Bonus Copyright Access. Should this book be published as an e-book, the e-book is protected against copying. Anyone who violates the Copyright Act may be prosecuted by a public prosecutor and sentenced either to a fine or to imprisonment for up to 2 years and may be liable to pay compensation to the author or to the rightsholder. Studentlitteratur publishes digitally as well as in print formats. Studentlitteratur’s printed matter is sustainably produced, both as regards paper and the printing process.
Art. No 35853 ISBN 978-91-44-12348-6 Edition 2:1 © The author and Studentlitteratur 2018 studentlitteratur.se Studentlitteratur AB, Lund Cover design: Lotta Bruhn Cover illustration: Shutterstock Printed by Interak, Poland 2018
CONTENTS
Reading instructions 7
1 What are information systems? 9 Data, information and knowledge 9 A system 12 Information system 13 Information technology 14 The need for information in decision making 14 Types of information systems 18 Justification for information systems 20 Study questions 22 References 23 2 Information systems as a part of the business strategy 25 The value chain 25 Business processes 26 Five forces 29 Competitive strategies using IT 30 The hype curve 32 Study questions 35 References 36
© T h e au t h o r and S t u dentlitterat u r
3
Contents
3 Computer systems 37 What is a computer? 37 A brief history of the computer 37 Moore’s law 42 Digital 44 Type of computers 45 Computer parts 46 Computer standards 48 Operating system 49 Study questions 53 4 Data storage 55 Primary storage 56 Secondary storage 57 Long-term storage 60 Study questions 63 References 63 5 Networks 65 Metcalfe’s Law 65 LAN, WAN and servers 66 The Internet 67 Study questions 75 References 76 6 Databases 77 The data hierarchy 77 Relational database 79 Redundancy 80 Database management systems 81 Blockchain 81 Data warehouse 83
4
© T h e au t h o r and S t u dentlitterat u r
Contents
Data mining 83 Big data 85 Study questions 86 7 Information systems in an organisation 89 Enterprise Information Systems 90 The evolution of Enterprise Information Systems 93 The structure of an Enterprise Information System 97 Specialised information systems 101 Study questions 101 References 102 8 Systems development 103 Business processes 104 Development costs and risks 105 User involvement and acceptance 109 Systems Development Life Cycle 112 Open source software and proprietary software 123 Study questions 125 References 126 9 Computer crime and security 127 Computer crime 127 Computer security 133 Study questions 143 References 144 10 Computers as part of society 145 Digital divide 146 Cultural lag 148 Digitalisation and digitisation 148 Artificial intelligence 149 © T h e au t h o r and S t u dentlitterat u r
5
Contents
Internet of Things 151 Privacy 152 Environmental impact 161 Evaluting information on the Internet 165 Study questions 170 References 172 Index 173
6
© T h e au t h o r and S t u dentlitterat u r
CHAPTER 7
Information systems in an organisation
Many different computer-based information systems of different sizes exist in an organisation today. They range from small specialised systems, e.g. the system built into a cash register, to large enterprise-wide systems covering all aspects of the business. All these systems together with the people and procedures form the information system of the organisation. The information system in an organisation is a web of different systems are more or less well integrated with each other.
The core of the information system in an organisation is often a large enterprise-wide system that aims at integrating all parts of the business in one system that shares data and processes in the organisation. This
Specialised information system
Specialised information system
Figure 7.1  Core system and specialised systems together form the information system.
Š  T h e au t h o r and S t u dentlitterat u r
Enterprise Information System
Specialised information system
Specialised information system Information System
89
7 Information systems in an organisation
central Enterprise Information System (EIS), or sometimes called only Enterprise System (ES), is then combined with separate smaller systems for specialised tasks. Specialised information systems could be e.g. technical design systems, e-mail systems, communication systems or some other system that offers a function that is not offered by the EIS or where the organisation has chosen not to use an EIS. These systems might not be technically directly integrated with the other systems, but they are still part of the organisation’s information system. Remember from the definition of information systems that it includes not only the computers but also the people and procedures, and that it can be divided into subsystems. The structure of the information systems might look very different in different companies. Some lack a central EIS and rely only on separate stand-alone systems, while others have a very large EIS and few separate systems. Most companies have a mix of new and old legacy information systems. In reality, the systems are not always as modern and well integrated with each other as you might be led to believe from reading newspaper articles and textbooks. When following the rapid IT development according to Moore’s Law, it is easy to assume that companies replace their information systems regularly and always have the most advanced and integrated information systems, just as people replace their mobile phones and home computers every few years. However, that is far from the truth. Companies might for example operate a 20-year-old system side by side with state-of-the-art systems, and old systems might be built into newer systems. The high cost and complexity involved in replacing systems persuade many companies to avoid replacing systems unless it is absolutely necessary. Mergers with other companies or the addition of a new factory or warehouse etc. might also introduce new (or old) systems into the information system.
Enterprise Information Systems The fundamental idea of the large Enterprise Information Systems (EIS) that constitutes the core of the information system is to integrate seamlessly the information flow throughout the organisation. These systems are largescale systems that are enterprise wide, i.e. they integrate all parts of the business enterprise, and can handle large volumes of data. The overall aim 90
© T h e au t h o r and S t u dentlitterat u r
7  Information systems in an organisation
of an EIS is to plan, measure and control the business. An EIS does this by combining several smaller and previously separate information systems, e.g. the accounting system, the logistics system etc. into one system. All core activities in the company are thereby integrated into one information system where the same data is visible to all parts of the company. The aim is to avoid so called information silos where information is seperated in different subsystems and not integrated or shared. EISs are purchased as, more or less, standard systems from software vendors. Well known providers of EISs are SAP, IFS, Oracle and Jeeves, but many others exist. It is important to note that, although EISs are common, they are not utilised in all organisations. Many still rely only on the separate smaller stand-alone systems with less integration.
Benefits A successful EIS reduces costs and enables the company to react more quickly to changes in the market, which results in more satisfied customers. A common information system also helps to unify the structure and processes of the organisation. The EIS improves the information flow and thereby provides better information support for planning and decision making. Better access to information allows managers to make faster and more informed (and thereby hopefully better) decisions. Without an EIS, it is not unusual for managers to get reports from dozens of systems in different formats and sometimes containing contradictory information. The integrated information system eliminates the need to store the same data redundantly in several systems and make time consuming (and often complicated) data transfers between the systems. It also reduces the number of information systems that need to be maintained and updated in the company. A seamless information flow also allows operational processes and decisions to be automated and taken over by the system, such as production scheduling and invoicing. A customer order can, for example, automatically trigger the scheduling of the production, ordering of raw material, booking of transport etc. and other operational decisions. This reduces costs and improves efficiency and would not have been possible unless all systems were connected. Š  T h e au t h o r and S t u dentlitterat u r
91
7 Information systems in an organisation
Drawbacks The main drawbacks of an EIS are high investment costs combined with a difficult and expensive implementation, difficulties in adapting the complex and rigid EIS to the organisation and a high degree of system dependency. The implementation of a large EIS is known to be very troublesome. Introducing a large system, such as an EIS, is a very complex task that requires fundamental changes to the organisation. There are many examples of companies that have failed in their implementation and been forced to abandon the EIS at very high costs. Organisations underestimate the complexity of the system and the commitment and resources needed for a successful implementation. A troublesome EIS implementation
The Swedish Social Insurance Agency (Försäkringskassan) introduced a new information system for dental care benefits. The system is based on one of the leading EISs and the original implementation was, during the planning stage, Picture: Wikipedia/ David Shankbone. estimated at €7.6 million. However, the implementation was delayed and had trouble meeting the original requirements. After receiving heavy criticism, a government review report three years later estimated the costs at €36 million or almost five times the original cost. The Social Insurance Agency seriously underestimated the complexity of introducing the EIS. The original implementation plan also included introducing the same EIS into 46 other social benefit systems. However, this was cancelled after the implementation of the dental system.
EISs have been criticised for being rigid and forcing the company to adapt to the processes built into the EIS, rather than having the EIS adapt to the company. The systems are designed and standardised according to what the software vendor considers to be the “best practice” business process for the function, e.g. how to manage a warehouse. These built-in best practices can be adjusted with settings in the EIS, but only to a certain extent. Adapting to best practice might be very beneficial for a company, but there is also a risk 92
© T h e au t h o r and S t u dentlitterat u r
7 Information systems in an organisation
Enterprise Information System Best-Practice
Existing Business Processes EIS Implementation
Figure 7.2 Business processes and EIS must be adapted to each other.
New Business Processes
that a company loses its unique competitive advantage if it has to adapt to a given “best practice”. As a comparison, a student forced to study according to a given ”best practice” on how to study might not at all be successful as that way of studying might not fit that individual. See figure 7.2. Introducing an EIS also makes the company very dependent on the system. Business processes are changed to adapt to the system and the EIS might control many of the routine decisions. For example, employees that previously handled invoices manually have been assigned to different tasks or left the organisation. Returning to the business process used before the implementation will be a task almost as challenging as implementing the EIS. Once implemented, the system must therefore always work. If the EIS stands still, then the business will also stand still.
The evolution of Enterprise Information Systems The Enterprise Information Systems have evolved over several decades. This evolution has been caused not only by the technical development and the decreasing cost of computers, but also by businesses realising the advantages that could come from computerised information systems. The evolution has gone from expensive systems with a limited scope, only used by the largest companies in the 1970s, to smaller and less expensive systems used by many companies today and covering all business areas. © T h e au t h o r and S t u dentlitterat u r
93
7 Information systems in an organisation
Material Requirements Planning – MRP The evolution of the modern EIS started in the early 1970s with the introduction of the Material Requirements Planning system (MRP). These systems were production planning and inventory control systems for the manufacturing industry. The focus was on managing the inventory. Managing the manufacturing process of a product is much like doing a big jigsaw puzzle. A number of components must be put together in the right order and in the most efficient way. This, in essence, is a large mathematical problem which computers are well suited to solve. Computers are very good at performing calculations, keeping track of numbers and knowing how different things are connected to each other. The automotive industry was a forerunner in the use of MRP systems with their expensive, complex products with a large number of parts. The MRP system used backward scheduling based on incoming customer orders and the dates the ordered products must be finished. The desired completion date was used to calculate the required start date for the manufacturing. Each product was divided into a number of sub-components and raw materials using a list called bill of materials, or BOM. The BOM shows which components are needed to manufacture a product. By using the BOM, the MRP system could calculate the raw materials required, check what the company had in storage and, if needed, order more materials in suitable quantities. Previously, many companies only reacted to historical data, since the lack of a central system meant that the warehouse did not always know what was currently being produced and the production department did not always know if the needed raw material was in stock. For example, a company ordered more raw materials when the warehouse was empty or a shortage existed, thus reacting to something that had already happened. Manual production planning also meant that human errors were common. With MRP systems, the companies could instead react to current data, i.e. their incoming customer orders. This meant that they could keep lower stock levels and have a more accurate production planning. The MRP systems were designed according to the idea that there were standard business processes that could be used in all similar companies. Two companies using the same type of MRP system would thus use the same underlying processes for how production planning and inventory control are done. 94
© T h e au t h o r and S t u dentlitterat u r
7 Information systems in an organisation
The MRP systems were the first successful standardised enterprise information systems. Previous attempts to use computer systems had been tailor-made to the organisation, resulting in high development and implementation costs. The early MRP systems were expensive and complicated systems, only used by the very large companies.
Manufacturing Resource Planning – MRP II The Manufacturing Resource Planning systems, or MRP II, were introduced in the 1980s. They were based on the MRP systems but were extended to plan the entire manufacturing process. The original MRP system focused on the inventory and materials requirement, while the MRP II system also included the planning of labour resources, equipment etc. along with the materials planning. Financial functions were also included since companies realised that changes in the inventory levels also resulted in financial transactions. For example, an inflow of raw material to the warehouse must also result in an increase in the inventory assets in the bookkeeping. When a product is sold, the inventory asset should be decreased and the accounts receivable (i.e. what the customer owes the company) be increased. It therefore made sense to include manufacturing and finance in the same system.
Enterprise Resource Planning – ERP The next step came with the introduction of Enterprise Resource Planning systems, or ERP, in the 1990s. Computer-based information systems were by this time common in most departments in a company, but they did not communicate with each other. MRP II had successfully integrated the manufacturing systems, but other departments still remained as separate computer systems. Transferring data between the systems was troublesome and time consuming. Sometimes, conflicting data might be found in different systems, e.g. the shipping address for an order could be different in the logistics system and in the customer order system. A top manager wanting to know the overall status of the company would commonly have to collect data from dozens of different systems. This caused inefficiencies and prevented the company from quickly reacting to changes in the market. The ERP system is built around a central database that stores all data © T h e au t h o r and S t u dentlitterat u r
95
7 Information systems in an organisation
Module
Supply Chain module
Module
Human Resources module
Central database
Customer Relationship module
Module
Accounting module
Module
Figure 7.3 Structure of an ERP system.
in the company. Different software modules are then added for each department in the company and connected to the central database. Any change in one of the modules is then immediately visible for the other modules through the central database. For example, if the manufacturing department updates information in the production module that a customer order has been produced and is ready to ship, then this can immediately be seen by the sales department in the customer relationships module and by the logistics department in the logistics module. See figure 7.3. An ERP system also automates some business processes. A number of standard processes are always performed in a company. For example, an incoming customer order should result in a production order for the factory, a credit check by the financial department, a transport booking by the logistics department etc. These standard processes can easily be automated when all systems are connected to each other, thus increasing speed and reducing errors.
96
© T h e au t h o r and S t u dentlitterat u r
7 Information systems in an organisation
The structure of an Enterprise Information System An Enterprise Information System consists of a number of connected modules with different functions. Like pieces in a puzzle, the modules are put together. Each company decides how many and which modules they want to purchase. Some companies start with a limited number of modules and add more modules later, while others get modules for all departments straight away. A traditional EIS, like the ERP system, is purchased as a package from one software vendor that offers all modules required. This gives a system where the modules are well integrated. However, this also makes the company very dependent on one software vendor. New modules can only be purchased from that vendor. Different vendors offer a different selection of modules, so there is a risk that the module you want is not available from your vendor. The quality of the modules might also be different, where e.g. a vendor can offer a good logistics module but an inferior accounting module. The very high costs in replacing the EIS system and switching to another software vendor, ties the company to one vendor for a long time. See figure 7.4. Another option is to use Enterprise Application Integration or EAI, which is a technical solution that allows computer systems from different vendors to integrate with each other. Adding independent EAI connections, or
Figure 7.4 A screen dump from a CRM module in an EIS, Source: IFS.
© T h e au t h o r and S t u dentlitterat u r
97
7  Information systems in an organisation
middleware, between existing systems allows them to exchange information through EAI. This means that the existing systems in the company do not have to be replaced all at once, as with an ERP system. Instead, they can still be used and new systems, or modules, can be added from different vendors. An EAI solution has a lower investment cost and lower risk, but each system or module will still use its own database and processes and will not be completely integrated. It is also possible to employ an EIS that is not physically installed at the company. It is becoming common to access the EIS over the Internet. The software and data are then located on a server connected to the Internet and accessed through a normal web browser. The server is operated by the EIS software provider. These often web-based EISs have the advantage that they require no special hardware or software installation at the company. This means that the initial investment costs are lower and that it requires less technical knowledge in the organisation to operate. The company pays a subscription fee for the use of the system but everything else, such has hardware investments, upgrades, and maintenance is managed by the software provider. The system can also be accessed wherever there is an Internet connection. This way of selling a system is called Software as a Service (SaaS). SaaS is also commonly known as cloud computing. The term cloud computing, or the Cloud, could also include other computing services delivered in a similar way, e.g. access to infrastructure such as networks and servers. The underlying rationale behind this idea is that a specialised software provider could run the system more cost efficiently at one central site, than if several organisations would run local copies of a system. This is achieved by utilising economies of scale and a higher level of competence among the staff. For example, several customers can share the same servers, backup systems etc. and the staff will have greater experience with the system and can be more efficient in e.g. upgrading and problem solving. Temporary demand peaks from one customer can be balanced against temporary demand lows from another customer, thus reducing the need for spare capacity. However, the core idea of accessing the EIS over the Internet also means that the company must put all its sensitive data on a server belonging to the software provider. This gives a number of added risks. Most SaaS providers know their business and can protects the customer data and make sure 98
Š  T h e au t h o r and S t u dentlitterat u r
7 Information systems in an organisation
that the system is on-line, but what happens if the software provider goes bankrupt or decides to stop selling their system as SaaS? How can we make sure that we always have access to our data? A local system, e.g. ERP, could still be used if the provider goes bankrupt, but not an SaaS system. There is also a legal aspect, where the software provider’s server might be located in a different country governed by different laws. This can give unforeseeable consequences, e.g. in who has the right to access the data. Many government agencies have regulations prohibiting them from using services that store data outside their own country, as the risk that secret information is leaked is considered too high. Similar issues also occur with other online services, such as file hosting services (e.g. Dropbox), image hosting services (e.g. Flickr), e-mail (e.g. Gmail), or social communities (e.g. Facebook). An EIS can also be integrated in different types of mobile devices, e.g. smartphones. This allows mobile employees, e.g. truck drivers and travelling salespeople, to have access to the same information as their colleagues in the office. This also gives the managers in the office better opportunities to manage the mobile employees. Whichever technical solution is selected, the main function of the EIS remains the same: to plan, measure and control the business. The rapid development of computers and the introduction of concepts such as SaaS has meant that having an EIS has become a reasonable investment for most companies. From being used only by the largest companies, EISs have now become common in all types of companies.
Modules The main modules in an EIS are Accounting and Finance, Supply Chain Management (SCM), Human Resource Management (HRM) and Customer Relationship Management (CRM), although the names may vary between different systems. Putting names and labels on different modules is difficult. Not everyone agrees on e.g. what should be included in a CRM module, and similar modules can be given different names and scope by different software vendors. A module can also be divided into sub-modules. There is a large number of software vendors on the market, and everyone wants to market their system as unique. It is therefore important always to study carefully what the system actually does, and not only go by its name. © T h e au t h o r and S t u dentlitterat u r
99
This book gives a condensed introduction to information systems and their use in companies and organisations. Their role in organisations and how they can contribute to a successful enterprise is explained. The book has a non-technical focus, but introduces fundamental technical concepts and vocabulary, such as computer parts, data storage, databases and networks. The fundamentals of systems development are explained. Attention is also given to e thical aspects of information systems and their role in society. Essentials of Information Systems introduces the concept of information systems in a condensed and accessible form. The book equips the reader with basic knowledge of the information systems necessary in any modern organisation. This book can be read by anyone interested in information s ystems. It is particularly suitable for introductory courses in b usiness and information systems.
| essentials of information systems
essentials of information systems
jonas flodén
Jonas Flodén holds a PhD in Business administration and is senior lecturer at the Department of Business Administration, School of Business, Economics and Law at University of Gothenburg, Sweden.
essentials of information systems
The second edition is updated with extended information on topics such as Blockchain, Big data, A/I and Internet of Things. The discussion on privacy, ethics, source evaluation and environmental aspects of IT has been expanded. Further, more study questions and examples have been added.
studentlitteratur.se
Art.nr 35853
2nd ed.
Second edition
jonas flodén