NMIMS Global Access

School for Continuing Education

(NGA-SCE) Course: Information
Systems for Managers

1. Farokh Motorwala is the CTO at D’Costa Cosmetics in Hyderabad, Farokh wants to

revamp the firm's IT Infrastructure and align it to the Corporate Strategy.
In order to do this, what are the Technical and Business Considerations for Farokh? What
are the Laws of IT Infra which Farokh must keep in mind? (10 Marks)

ANS 1)
Introduction
The information technology (IT) systems should effortlessly support overall business goals
and objectives. This alignment, however, is not always easy to achieve. Many businesses find
that their IT systems are either too expensive to maintain, too cumbersome to use efficiently,
or simply do not provide added business value.
Concept and Application
Business-IT alignment simply describes a state where a business is able to use IT to achieve
its objectives. In this state, IT is a valuable asset rather than a utility or an expense. The
system functions across the business with optimal efficiency and is more likely to achieve a
positive return on IT investment.
Achieving business-IT alignment can help improve business performance. It can also:

 boost efficiencies and profitability

 improve collaboration
 enhance customer experience
 improve supply chains
 achieve greater return on technology investments
 reduce the risks associated with business and technical change
To align IT strategies with corporate goals, Farokh must:

 know the business objectives and strategy

 know the current IT capabilities and gaps
 consider both priorities and investment within the IT strategy
To implement this Farokh have to look for

 areas of underperformance
 engaging with customers and suppliers to identify pain points
 benchmark to see how business compares to others
 identify the key processes that matter most to business (eg customer service,
manufacturing systems, etc)
After Farokh determines how IT can fit with business priorities, he should develop an IT
strategy. This is a long-term plan that defines how and why the business will use IT to
achieve its business objectives.
IT foundation is the streets, passages and administrations that convey and safeguard the
information. Basically, it empowers your business to do the things it necessities to do. From
straightforward client assistance messages to compositional plan, the revamped IT should
have answers for all.
The technology review needs to cover several key business IT considerations, with attention
being paid to their current status and changing requirements. Here are the 12 key business IT
considerations for next technology review:
1. Conduct hardware inventory

It’s necessary to replace or upgrade all hardware over time. Desktop machines, servers,
printers, and networking devices have a limited useful life. An audit should determine what
existing hardware needs upgrading and what new equipment will be needed.
2. Manage software assets

Software also needs upgrading at regular intervals. Out-of-date software can have dangerous
security holes. Existing licenses may include upgrades, or it may be necessary to buy them
separately. The number of licenses may have to increase if the workforce is growing.

3. Manage data assets

Data storage requirements can grow, and data may need to be managed in new ways. Storage
systems need to keep up with growth, and backups need to keep it all safe. Migrating data
storage to a cloud service may be more cost-effective than expanding on-premises storage,
provided contractual and regulatory requirements allow it. Due to how valuable data assets
are, correctly identifying and classifying assets is a key step in your technology review. This
means having a system for data inventory, where the business has a catalogue of the data that
they own. Employee approvals should also be routinely managed, so that the right approvals
sit with the right people.

4. Practice risk management

Security and risk management are a huge and rapidly growing concern. Ransomware and data
theft can inflict serious harm on a business. Risk assessment and protection need to operate
both at the level of individual systems and the network as a whole. The weakest device can
compromise the entire network. As already mentioned, keeping software updated and data
backed up are important parts of the security strategy. Access control can greatly improve
security. If systems don’t have unnecessary access privileges, they can’t do as much damage
if they’re breached. If past policy has been to assume that everything inside the network can
be trusted, the policy seriously needs revision during your technology review.

5. Establish disaster recovery and business continuity

Events such as floods and fires can destroy a business’s on-premises IT systems. Without a
recovery plan, they’re likely to destroy the business itself. A disaster recovery plan is a
necessary part of business IT considerations to survive such eventualities. This plan requires
more than just backup. It needs to consider how much downtime is acceptable, and whether it
will be possible to get systems running again in that time frame. A cloud-based failover can
greatly reduce the worst-case downtime scenario.
.

6. Cyber security obligations

Realise cyber security obligations as a business owner and embrace holistic, end-to-end,
rules-based solutions. Hiring IT professionals to do a technology review and investigate the
best cyber security options for business is a great way to handle information security.

To make sure data is secure, teams also needs to be trained and fully across what they should
do in the case of an attack. They also need to understand the preventative measures that need
to be taken in order to prevent an attack in the first place. Up-to-date education and training
around cyber security should be made the norm in the workplace, so that every employee can
see how they play a part in keeping company data safe.

Following are the laws of IT infrastructure

1. Auditing

An IT audit is an excellent way to ensure that your IT infrastructure is operating as it should

be, and also to offer potential solutions for further optimisation. A comprehensive IT
infrastructure audit will take a look at all your hardware devices and network structure to
ensure that your equipment is sufficient for their assigned tasks (i.e. your server device isn’t
sluggish and overheating from being underpowered). They will identify any opportunities to
improve performance within the hardware or network devices.

2. Updates

This maintenance process applies more specifically to the software category of IT

infrastructure. Updates are periodically rolled out for software in order to patch security
vulnerabilities, to fix buggy coding (which may be affecting performance) and also to roll out
new features. The hardware devices may sometimes require driver updates or patches as well;
these are absolutely crucial in terms of maintaining your infrastructure. While software
updates can range in importance (from security to a harmless glitch), hardware updates are
usually less frequent and incur much more important additions to the performance and
function of the device.

3. Backups

Backups are an essential component of IT infrastructure maintenance. Overall, maintaining

your IT infrastructure is your significant contribution to the business continuity. On the same
note as backups and business continuity; ensure that you do have disaster recovery steps in
place as well. This should form part of the business continuity plan.

4. Security

Security upkeep and maintenance is a huge part of your IT infrastructure. The network, the
firewall, the server access, end-user devices, emails, etc. These are all subject to potential
cyber attack, or infiltration and have the potential to completely collapse whole system.
Security maintenance and upkeep within the context of your IT infrastructure covers a few
things. Namely, cyber security protocols, security tools, network monitoring, and security
testing.

Conclusion
Keeping a company’s IT in working order requires reviewing it periodically. An audit of all
current and planned practices keeps managers informed of all relevant business IT
considerations when asking outside companies for quotes on management, support, and
consultation. Asking informed questions allow companies to give answers on technology
considerations that will be useful to the business.
 With technology now playing a major role in the set-up and daily running of businesses, it’s
important to keep abreast of fast-paced technological changes and what technologies are right
for your business. Knowing how technology can grow and shape your small-to-medium
business ― no matter what industry you’re in ― will have huge benefits on employee
productivity, exposure to new clients and customers, and information security.

********

Q2. Bharat Petroleum Corporation Limited (BPCL) is an Indian government-owned oil and
gas explorer and producer. BPCL's CEO is K. Padmakar. In this role, what is the Focus
of the CEO’s role (i.e. Objectives, Kinds of Decisions, information needed, Timeframes
etc.)? What are the Primary IS & Supporting IS Used (Description Data Types, Kind of
Data, Type of Processing, which provides data to these IS)? (10 Marks)

Ans 2)

Introduction:

The information system required at highest level of any organization like Chief Executive
officer is different. They need information that is aggregated, enables drilling- down,
summarizes all activities and provides details about the industry at large.

Concept and Application:

Management information system (MIS) for executives is required by CEO is known as

Executive support system. An executive support system (ESS) is a type of management
support system that facilitates and supports senior executive information and decision-
making needs. It provides easy access to internal and external information relevant to
organizational goals.

Focus of CEO’s Role

Objective:
The main objective of a CEO is obviously to ensure the sustainability, profitability and
development of the company. It is largely on his shoulders that the responsibility for
setting and giving the company's major strategic directions rests.

Kinds of Decisions:

CEOs need to make decisions on strategy, resource allocation, hiring and firing that
significantly impact the business.

Information needed by CEO:

Flooding a CEO with raw data is one of the quickest ways to reduce his ability to drive
company performance. Decision making is impeded when evaluating information that is
wrong or excessive and thus [data] should be limited to the absolute minimum and most
relevant available.

1. CEOs need information that is normalized

CEO should have some priorities for the company and he needs data which is
normalized as per the priorities of the organization.
 2. CEOs Need information that is predictive.
CEO set the future direction of the company, but the data is historical in nature. So,
based on this historical data predictive forecast data is required by CEO.
3. CEOs Need information from and about the entire organization
Finally, the best CEOs build systems for gathering information from the entire
organization, not just the executive team.
Executive support systems are usually highly visual in nature with graphs, charts and
diagram used to convey the most of the information. ESS has graphical displays and easy-
to-use user interfaces. They offer strong reporting and drill-down capabilities. In general,
ESS are enterprise-wide Decision support system (DSS) that help top-level executives
analyze, compare, and highlight trends in important variables so that they can monitor
performance and identify opportunities and problems. ESS and data
warehousing technologies are converging in the marketplace.

ESS nowadays are applied by top executives in following areas

Manufacturing
Manufacturing is the transformation of raw materials into finished goods for sale, or
intermediate processes involving the production or finishing of semi-manufactures. It is a
large branch of industry and of secondary production. Manufacturing operational control
focuses on day-to-day operations, and the central idea of this process is effectiveness.
Marketing
In an organization, marketing executives' duty is managing available marketing resources
to create a more effective future. For this, they need make judgments about risk and
uncertainty of a project and its impact on the company in short term and long term. To
assist marketing executives in making effective marketing decisions, an EIS can be
applied. EIS provides sales forecasting, which can allow the market executive to compare
sales forecast with past sales.
Financial analysis
Financial analysis is one of the most important steps to companies today. Executives need
to use financial ratios and cash flow analysis to estimate the trends and make capital
investment decisions. An EIS integrates planning or budgeting with control of
performance reporting, and it can be extremely helpful to finance executives. ESS focuses
on financial performance accountability, and recognizes the importance of cost standards
and flexible budgeting in developing the quality of information provided for all executive
levels.

Conclusion
ESS helps executives find data according to user-defined criteria and promote
information-based insight and understanding. Unlike a traditional management
information system presentation, ESS can distinguish between vital and seldom-used
data, and track different key critical activities for executives, both which are helpful in
evaluating if the company is meeting its corporate objectives.

************

3. Jennifer Roberts has just been hired as the CIO at Hawthorne Investments. During her
interview, Vijay Ananth, the CEO, had tasked Jennifer with the responsibility of
revamping the firm’s IT Infrastructure. Now that Jennifer has come onboard, she is keen
 to get started on the Infra Revamp initiative and has targeted BYOD as her first initiative.

a. What is BYOD? Explain the three (3) levels of BYOD? (5 Marks)

Ans 3a)

Bring your Own Device (BYOD) is the set of policies in a business that allows
employees to use their own devices – phone, laptop, tablet or whatever – to access
business applications and data, rather than forcing employees to use company-provided
devices for that purpose.
BYOD security is an essential concern for corporate executives. BYOD solutions can
boost employee productivity and morale in many circumstances. Personal device access
to an organization's network, on the other hand, if left neglected by IT, can pose major
security risks.
Following are security levels of BYOD
 Unlimited access
 Access to non-sensitive systems and data only
 Access to sensitive data with IT control over personal devices
 Access to sensitive data without the ability to store it on personal devices

b. What are the Pros & Cons (2 each) of BYOD? (5 Marks)

Ans 3b)

Pros of BOYD
Cost savings
With a BYOD policy in place for your business, the need for hardware such as laptops and
work mobiles will significantly decrease. Additionally, employees will typically be more
inclined to take better care of their own equipment, further reducing the possibility of having
to provide alternatives should they damage or lose their own property.
Efficiency
With so many brands on the market, each with their own individual functionality, it’s
inevitable that a proportion of staff will have to go through training to become familiar with
the equipment provided by their employer. With BYOD, staff are already familiar with their
hardware and often have an extensive knowledge of its features and capabilities, due to
regular use. In regard to new starters, this is particularly beneficial, as they can essentially ‘hit
the ground running’.
Cons of BOYD

Security risks
Perhaps the most significant disadvantage of a BYOD policy is the risk to security, with
employee devices not possessing the advanced security measures that office equipment will
typically have. Furthermore, if devices are lost, stolen or misplaced, this could lead to
unwanted, third -party individuals gaining access to confidential and sensitive information,
particularly if these devices are not password protected.
Complex IT support
With all employees possessing the same computer, laptops, tablets and smart devices, it is
much easier for the IT department to support staff and fix devices, should issues occur. With
a BYOD policy in place, this process can become increasingly complex, with all individual
pieces of equipment having their own individual needs and repair solutions. Further
complications could occur when business-wide, custom software needs to be uploaded and/or
updated across all devices. This process is unlikely to be as streamlined and efficient as it
could be if all staff was using equipment provided by their employer, possibly resulting in
added costs to ensure all hardware is compatible with company software.

**********